Openconnect - Palo Alto - Okta SSO / MFA
Luis l
chelapa at hotmail.com
Fri Apr 13 08:02:20 PDT 2018
Example or I just didnt have enough coffee
script_that_obtains_the_portal_userauthcookie ? cant find that and dont think thats an actual file
From: Daniel Lenski <dlenski at gmail.com>
Sent: Friday, April 13, 2018 2:23 AM
To: Luis l
Cc: David Woodhouse; openconnect-devel
Subject: Re: Openconnect - Palo Alto - Okta SSO / MFA
On Wed, Apr 11, 2018 at 8:14 AM, Luis l <chelapa at hotmail.com> wrote:
>
> Thank you guys, I wasnt sure where to post it so any guidance would help.
>
>
> So yes Okta / IDP = SSO = Multifactor Auth doesnt work
>
>
> I saw that in the link i pasted they get presented with it, but if its still not an official release to OC then i will either wait or find another way for linux users to connect to vpn. which sucks bc i would rather use OC. Let me know what info is needed to maybe get this working.
>
>
> thank you!
Luis,
Other users have reported similar issues with external authentication
flows in GlobalProtect.
They're all different, but what they all have in common is that the
user goes through web-based authentication forms, and then at the end
they get some kind of cookie ("portal-userauthcookie",
"prelogin-cookie", etc.) which then needs to be used _in place of the
normal password_ to login.
Another user wrote some scripts to do the login with Okta, and I came
up with a way to submit the resulting cookie. See this discussion and
please give us feedback on whether the solution works for you:
https://github.com/dlenski/openconnect/issues/98
-Dan
More information about the openconnect-devel
mailing list