GlobalProtect gateway authorization fails

O. William McClung owmcclung at gmail.com
Wed Jun 23 17:41:06 PDT 2021 

I didn't purge my package manager's /usr/sbin/openconnect but fixed that and now

$ gp-saml-gui -p -S --clientos=Windows <my-vpn> -- --authgr
oup='US Central'

uses /usr/local/sbin/openconnect -vvv --dump and produces https://bpa.st/D2QA .


On Wed, Jun 23, 2021 at 7:28 PM O. William McClung <owmcclung at gmail.com> wrote:
>
> I didn't purge my package manager's /usr/sbin/openconnect but fixed that and now
>
> $ gp-saml-gui -p -S --clientos=Windows <my-vpn> -- --authgr
> oup='US Central'
>
> uses /usr/local/sbin/openconnect -vvv --dump and produces https://bpa.st/D2QA .
>
> On Wed, Jun 23, 2021 at 6:15 PM O. William McClung <owmcclung at gmail.com> wrote:
>>
>> * Daniel Lenski <dlenski at gmail.com> [2021-06-21 17:58:30 -0700]:
>>
>> > On Mon, Jun 21, 2021 at 10:21 AM O. William McClung <owmcclung at gmail.com> wrote:
>> ...
>> > This case *appears* to correspond to a longstanding bug which I fixed
>> > in an as-yet-unmerged MR:
>> > https://gitlab.com/openconnect/openconnect/-/merge_requests/199
>> >
>> > 1. If you just want to make it work ASAP…
>> ...
>> > To try it, omit --portal from the gp-saml-gui command line, and point
>> > it at a gateway server address instead of the portal server address.
>>
>> I could only get to the authentication (SAML login) by using -g and
>> a gateway:
>>
>> $ gp-saml-gui -g -S
>> us-central-g-universi.gpo2ojjg5cnn.gw.gpcloudservice.com
>>
>> and this led to "The application you have accessed is not registered
>> for use with this service." I.e. I couldn't authenticate.
>>
>> > 2. If you really *need* to login via the portal, or want to help us
>> > fill in some more edge cases (please do )…
>> ...
>> > Most (all?) of these cases should be fixed in
>> > https://gitlab.com/openconnect/openconnect/-/merge_requests/199
>> ...
>> > Build from that branch and test if it
>> > works with the resulting OpenConnect executable.
>>
>> I successfully built openconnect from
>>
>> https://gitlab.com/openconnect/openconnect/-/tree/GP_portal_to_gateway_auth_with_cookies
>>
>> $ gp-saml-gui -p -S --clientos=Windows <my-vpn>
>>
>> produces
>>
>> openconnect: /usr/lib64/libopenconnect.so.5: version `OPENCONNECT_5_7' not found (required by openconnect)
>>
>> -Bill
>>

More information about the openconnect-devel mailing list