GlobalProtect gateway authorization fails

O. William McClung owmcclung at gmail.com
Wed Jun 23 16:15:08 PDT 2021


* Daniel Lenski <dlenski at gmail.com> [2021-06-21 17:58:30 -0700]:

> On Mon, Jun 21, 2021 at 10:21 AM O. William McClung <owmcclung at gmail.com> wrote:
...
> This case *appears* to correspond to a longstanding bug which I fixed
> in an as-yet-unmerged MR:
> https://gitlab.com/openconnect/openconnect/-/merge_requests/199
> 
> 1. If you just want to make it work ASAP…
...
> To try it, omit --portal from the gp-saml-gui command line, and point
> it at a gateway server address instead of the portal server address.

I could only get to the authentication (SAML login) by using -g and
a gateway:

$ gp-saml-gui -g -S us-central-g-universi.gpo2ojjg5cnn.gw.gpcloudservice.com

and this led to "The application you have accessed is not registered
for use with this service." I.e. I couldn't authenticate.

> 2. If you really *need* to login via the portal, or want to help us
> fill in some more edge cases (please do 🙏🙏🙏)…
...
> Most (all?) of these cases should be fixed in
> https://gitlab.com/openconnect/openconnect/-/merge_requests/199
...
> Build from that branch and test if it
> works with the resulting OpenConnect executable. 

I successfully built openconnect from

https://gitlab.com/openconnect/openconnect/-/tree/GP_portal_to_gateway_auth_with_cookies

$ gp-saml-gui -p -S --clientos=Windows <my-vpn>

produces

openconnect: /usr/lib64/libopenconnect.so.5: version `OPENCONNECT_5_7' not found (required by openconnect)

-Bill