free choice of authgroups
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue May 20 00:07:05 PDT 2014
On Mon, 2014-05-19 at 07:59 -0700, Kevin Cernekee wrote:
> On Cisco this could be done through a group-url. So instead of
> entering a bare hostname, the user would enter something like
> "https://vpn.foo.com/my-group-url". The group-url namespace is
> separate from the authgroup names used in the dropdown list, and so it
> can include hidden groups.
> More recently we also saw a case where fields in the client cert were
> used to select the group.
Couldn't openconnect set the group-select xml tag if --authgroup is
specified on command line? Is there an issue if that's implemented? That
will allow the user to specify a group using the same method even if a
list isn't presented.
regards,
Nikos
More information about the openconnect-devel
mailing list