Openconnect - Palo Alto - Okta SSO / MFA

Daniel Lenski dlenski at gmail.com
Fri Apr 6 09:54:35 PDT 2018


On Fri, Apr 6, 2018 at 11:27 AM, Luis l <chelapa at hotmail.com> wrote:
> Hi Guys, I am using the latest version of OC w/ Palo Alto VPN …

As explained on the page for the fork with PAN GlobalProtect support
(https://github.com/dlenski/openconnect#feedback-and-troubleshooting),
you should report problems which are specific to PAN-GP as a new issue
on Github, rather than on this mailing list. GlobalProtect support is
not yet part of the official OpenConnect.

> … and Okta as the IDP / MFA. Using NON mfa/okta the process works and connects but when using okta it does not prompt me for the MFA key.

I have absolutely zero idea what Okta or IDP are. I think you're
saying that with single-factor authentication (username and password)
it works fine, but with multi-factor authentication it doesn't. Is
that correct?

> Gives an error of
>
>
> HTTP body length: (128)
> Unexpected 512 result from server
> Invalid username or password.
>
>
> protocol used is gp and I saw this post but no results
>
> https://github.com/dlenski/openconnect/issues/57
>
> Ubuntu LTS 14.01
>
> openconnect v7.08-274-gabb4ef3

You're using a recent build which does include challenge-based
multi-factor authentication support. Good.

Without more information, it's impossible to diagnose this. You should
file a new issue in Github, and be sure to include the debug logs as I
request in the template.

Dan


