ocserv 0.8.0pre0
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat May 24 10:50:34 PDT 2014
On Sun, 2014-05-25 at 01:39 +0800, Steve wrote:
> Trying to use select-group and cert auth only in 0.8, AnyConnect iOS
> client seems never prompt group select form, any idea?
>
> The client cert like: Subject: C=US, ST=California, L=San Francisco,
> O=WWW, OU=g1, OU=g2, OU=g3, CN=u1/emailAddress=test at test.com
> conf:
> cert-user-oid = 2.5.4.3
> cert-group-oid = 2.5.4.11
Hmm, ocserv gets the groups from the certificate that is being sent at
the current session, and it seems anyconnect only uses the certificate
initially and not at the time when the group selection should occur. I'd
see whether there can be some hacks to make that work.
regards,
Nikos
More information about the openconnect-devel
mailing list