AW: How can I specify a realm with "--protocol=pulse"?

Schütz Dominik Dominik.Schuetz at esolutions.de
Wed May 4 11:17:45 PDT 2022


Hi,

yes, it works with "--authgroup" for "--protocol=nc" and "--protocol=pulse".

Thanks :)

Regards,
Dominik

-----Original Message-----
From: Daniel Lenski <dlenski at gmail.com>
Sent: Wednesday, 4 May 2022 19:22
To: David Woodhouse <dwmw2 at infradead.org>
Cc: Schütz Dominik <Dominik.Schuetz at esolutions.de>; openconnect-devel at lists.infradead.org
Subject: Re: How can I specify a realm with "--protocol=pulse"?

On Wed, May 4, 2022 at 3:11 AM David Woodhouse <dwmw2 at infradead.org> wrote:
>
> On Wed, 2022-05-04 at 09:36 +0000, Schütz Dominik wrote:
> > Hi,
> >
> > how can I specify a realm with "--protocol=pulse"?
> > # output without specify realm
> > Choose Pulse user realm:
> > Realm: 
> > [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network
> >
> >
> > With "--protocol=nc" I specify the realm as follows:
> > # output without specify realm
> > frmLogin
> > realm 
> > [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network
> >
> > # command with realm
> > dominik at host1:~$ sudo openconnect --script=/root/vpnc-script --protocol=nc --form-entry=frmLogin:realm=REALM_xxx_Limited_Machine_Network https://vpn-gateway/linux
>
> For pulse I think you want '-F pulse_realm_entry:realm=REALM_xxx_Foo'

It's not necessary to use -F/--form-entry here ☺

It should also work fine with `--authgroup` (https://gitlab.com/openconnect/openconnect/blob/master/pulse.c#L785-787),
e.g. `--authgroup REALM_xxx_Foo`. The name "auth group" originally came from Cisco, but the option `--authgroup` now works with all other protocols that allow the user to select some kind of dropdown. We even have tests to verify that the client propagates this value as expected, in all the protocols where it's supported and where we have authentication tests.

Juniper/NC: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/juniper-auth#L45-47
GlobalProtect: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/gp-auth-and-config#L44-46
F5: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/f5-auth-and-config#L50-52

Dan