GlobalProtect gateway authorization fails
O. William McClung
owmcclung at gmail.com
Wed Jun 23 16:15:08 PDT 2021
* Daniel Lenski <dlenski at gmail.com> [2021-06-21 17:58:30 -0700]:
> On Mon, Jun 21, 2021 at 10:21 AM O. William McClung <owmcclung at gmail.com> wrote:
...
> This case *appears* to correspond to a longstanding bug which I fixed
> in an as-yet-unmerged MR:
> https://gitlab.com/openconnect/openconnect/-/merge_requests/199
>
> 1. If you just want to make it work ASAP…
...
> To try it, omit --portal from the gp-saml-gui command line, and point
> it at a gateway server address instead of the portal server address.
I could only get to the authentication (SAML login) by using -g and
a gateway:
$ gp-saml-gui -g -S
us-central-g-universi.gpo2ojjg5cnn.gw.gpcloudservice.com
and this led to "The application you have accessed is not registered
for use with this service." I.e. I couldn't authenticate.
> 2. If you really *need* to login via the portal, or want to help us
> fill in some more edge cases (please do 🙏🙏🙏)…
...
> Most (all?) of these cases should be fixed in
> https://gitlab.com/openconnect/openconnect/-/merge_requests/199
...
> Build from that branch and test if it
> works with the resulting OpenConnect executable.
I successfully built openconnect from
https://gitlab.com/openconnect/openconnect/-/tree/GP_portal_to_gateway_auth_with_cookies
$ gp-saml-gui -p -S --clientos=Windows <my-vpn>
produces
openconnect: /usr/lib64/libopenconnect.so.5: version `OPENCONNECT_5_7' not found (required by openconnect)
-Bill
More information about the openconnect-devel
mailing list