OAUTH TOTP as 3rd prompt

David Woodhouse dwmw2 at infradead.org
Thu Feb 1 00:05:29 PST 2018


On Wed, 2018-01-31 at 23:12 -0800, Curtis Shimamoto wrote:
> 
> "This behaviour is empirically determined by the requirements of the
> servers that we have tested with; if you find a configuration in which
> it is not appropriate, please let us know."
> 
> So in an effort to provide you all with an additional data point, and
> the possibility of helping others in asking about my own problem, I'm
> reporting this scenario as you've requested.

You're the second person this week to report that our current
heuristics aren't doing the right thing for them. Quite feasibly the
second for whom Cisco's native integration with things like the RSA
Softoken API aren't likely to work either?

If there *is* a "correct" way to determine which form field gets the
OTP, I cannot imagine what it is.

I think we want a --otp-form-field argument to allow people to override
it. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20180201/50620df2/attachment.bin>


More information about the openconnect-devel mailing list