Available for support for F5 + MFA
Antonio Petrelli
antonio.petrelli at gmail.com
Mon Aug 23 03:31:25 PDT 2021
Hello, sorry but I've been on holidays, so I apologize for my slow
response too :-D
Il giorno mer 11 ago 2021 alle ore 02:42 Daniel Lenski
<dlenski at gmail.com> ha scritto:
> f5-vpn://<corporate-vpn-host-name>?server=<corporate-vpn-host-name>&resourcename=/Common/SSL_VPN_Portal_Import-<id-variable-part>&resourcetype=network_access&cmd=launch&protocol=https&port=443&sid=nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn&token=<some-hex-encoded-value>&otc=<access-session-token>
>
> Can you confirm that the value of the 'sid' field in the f5-vpn:// URI
> precisely matches the value of the MRHSession cookie sent in the
> get_token_for_sessid.php3 request seen in the browser login? My
> expectation is YES, they should be identical. SID appears to be one of
> the many names used inconsistently for this 32-hex-digit value.
No, the sid value is literally nnnn...., this is pretty strange...
> > What to do now?
>
> Do a MITM capture of the f5vpn binary, and figure out what request(s)
> it sends involving the access-session-token value.
I managed to do it on 5th August, but then I went on holidays, so here
you can see the conversation log I managed to take:
https://pastebin.com/BpKWJDfL
The cool thing is that some of the parameters that are sent to f5vpn
via the f5-vpn://... URL seem not to be used, such as "sid".
I have some doubts about the ${f5stNotSetAnywhere} cookie, since it
seems not to be set anywhere...
Let me know your thoughts.
Thanks
Antonio
More information about the openconnect-devel
mailing list