How can I specify a realm with "--protocol=pulse"?

Daniel Lenski dlenski at gmail.com
Wed May 4 10:21:58 PDT 2022


On Wed, May 4, 2022 at 3:11 AM David Woodhouse <dwmw2 at infradead.org> wrote:
>
> On Wed, 2022-05-04 at 09:36 +0000, Schütz Dominik wrote:
> > Hi,
> >
> > how can I specify a realm with "--protocol=pulse"?
> > # output without specifying a realm
> > Choose Pulse user realm:
> > Realm: [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network
> >
> >
> > With "--protocol=nc" I specify the realm as follows:
> > # output without specifying a realm
> > frmLogin
> > realm [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network
> >
> > # command with realm
> > dominik at host1:~$ sudo openconnect --script=/root/vpnc-script --protocol=nc --form-entry=frmLogin:realm=REALM_xxx_Limited_Machine_Network https://vpn-gateway/linux
>
> For pulse I think you want '-F pulse_realm_entry:realm=REALM_xxx_Foo'

It's not necessary to use -F/--form-entry here ☺

It should also work fine with `--authgroup`
(https://gitlab.com/openconnect/openconnect/blob/master/pulse.c#L785-787),
e.g. `--authgroup REALM_xxx_Foo`. The name "auth group" originally
came from Cisco, but the option `--authgroup` now works with all other
protocols that allow the user to select some kind of dropdown. We even
have tests to verify that the client propagates this value as
expected, in all the protocols where it's supported and where we have
authentication tests.

Juniper/NC: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/juniper-auth#L45-47
GlobalProtect: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/gp-auth-and-config#L44-46
F5: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/f5-auth-and-config#L50-52

Dan


