Available for support for F5 + MFA

Daniel Lenski dlenski at gmail.com
Tue Aug 3 08:02:36 PDT 2021


On Tue, Aug 3, 2021 at 1:22 AM Antonio Petrelli
<antonio.petrelli at gmail.com> wrote:
> Hello
> At my firm we are using F5 and MFA from Microsoft. I noticed in the
> website that, in case I have a different authentication than
> username+password, it would be nice to contact you to add support for
> a different authentication mechanism.

Thanks! I suspect that this probably involves some kind of handoff
mechanism like SAML, as we already know of for the GlobalProtect and
AnyConnect protocols.

> So here am I, feel free to contact me and I will try to assist you in
> adding support.

Can you successfully login by visiting the login page in a browser,
then capturing whatever tokens result from it, and injecting those
into OpenConnect? (whether in the form of a surrogate one-time-use
password, or perhaps an MRHSession cookie)

If so, writing an external authentication wrapper script modeled on
https://github.com/dlenski/smxlogin would be a good place to start
here.

Dan



More information about the openconnect-devel mailing list