Fix for Juniper Google 2FA

Daniel Lenski dlenski at gmail.com
Thu Apr 19 13:32:29 PDT 2018


On Wed, Apr 18, 2018 at 6:08 PM, Yage Hu <YageH at supermicro.com> wrote:
> The Google 2FA support for Juniper was not working due to a minor typo
> in `auth-juniper.c`.
>
> When attempting to connect with --juniper --token-mode=totp
> --token-secret=<XXX> the error:
>
>     Unknown form ID 'frmTotpToken'
>
> would pop up along with some HTML dump.
>
> I simply corrected the typo (ftmTotpToken -> frmTotpToken). `git am` to
> apply patch.

Good catch.

There's a thread from November 2017 in which Kevin Cernekee and Andy
Wang discuss a Juniper VPN where TOTP fails to work:
http://lists.infradead.org/pipermail/openconnect-devel/2017-November/004569.html

… and in that thread both "ftmTotpToken" and "frmTotpToken" are
mentioned. It appears that the reason for the misbehavior discussed in
the November 2017 thread is the (overlooked) typo in the code.

A bit of code archaeology here…

But I'm not sure how the "ftm" version got committed in the first
place. ¯\_(ツ)_/¯. I did a bit of archeological digging, and I can't
find the original patch (from November 29, 2016) anywhere on the
mailing list, but it's obviously in the Git history:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/1ff34cb9689fbaf57decac537df1e32e799bb9c7

Dan


