Openconnect - Palo Alto - Okta SSO / MFA

[Daniel Lenski]

On Wed, Apr 11, 2018 at 8:14 AM, Luis l <chelapa at hotmail.com> wrote:
>
> Thank you guys, I wasnt sure where to post it so any guidance would help.
>
>
> So yes Okta / IDP = SSO = Multifactor Auth doesnt work
>
>
> I saw that in the link i pasted they get presented with it, but if its still not an official release to OC then i will either wait or find another way for linux users to connect to vpn. which sucks bc i would rather use OC. Let me know what info is needed to maybe get this working.
>
>
> thank you!

Luis,
Other users have reported similar issues with external authentication
flows in GlobalProtect.

They're all different, but what they all have in common is that the
user goes through web-based authentication forms, and then at the end
they get some kind of cookie ("portal-userauthcookie",
"prelogin-cookie", etc.) which then needs to be used _in place of the
normal password_ to login.

Another user wrote some scripts to do the login with Okta, and I came
up with a way to submit the resulting cookie. See this discussion and
please give us feedback on whether the solution works for you:
https://github.com/dlenski/openconnect/issues/98

-Dan