pulse protocol and microsoft 2fa ?

Athanasios Silis athanasios.silis at gmail.com
Tue Mar 29 14:49:42 PDT 2022


Hi everyone,
this is not a new question as I see but maybe the combination of options is.
So my company has been using the pulse protocol for its vpn service.
Microsoft 2FA will soon become unavoidable for the connection.

I've installed the pulseUI client to see how it works and I must say
I'd prefer it if I avoided any gui client. Openconnect has been great
so far and I would like to keep it that way.

Soooo, is there any solution to authenticate for the vpn through my
microsoft account and connect to my company's vpn and do all that
through the cli ??? :)

I've seen some gp and saml wrapper scripts
https://github.com/dlenski/openconnect
https://github.com/libcthorne/samlwebcookie
so i;m hopeful something exists for microsoft 2fa as well.

The SAML link looked promising for my case as well but running this
burned my hopes to the ground.

$ export SWC_OUTPUT_FILE=<(:) && samlwebcookie $VPN_SRV
--username=me at thecomp.com --password=1234
--output-file=$SWC_OUTPUT_FILE && . $SWC_OUTPUT_FILE
Traceback (most recent call last):
  File "/home/nass/.local/bin/samlwebcookie", line 8, in <module>
    sys.exit(main())
  File "/home/nass/.local/lib/python3.6/site-packages/webcookie.py",
line 52, in main
    fs_auth_login_url = r.headers["Location"]
  File "/usr/lib/python3/dist-packages/requests/structures.py", line
54, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'location'

Perhaps I use it wrong or is there another way??


Thank you in advance for your help,
Athanasios


On Wed, Mar 30, 2022 at 12:12 AM Athanasios Silis
<athanasios.silis at gmail.com> wrote:
>
> Hi everyone,
> this is not a new question as I see but maybe the combination of options is.
> So my company has been using the pulse protocol for its vpn service.
> Microsoft 2FA will soon become unavoidable for the connection.
>
> I've installed the pulseUI client to see how it works and I must say I'd prefer it if I avoided any gui client. Openconnect has been great so far and I would like to keep it that way.
>
> Soooo, is there any solution to authenticate for the vpn through my microsoft account and connect to my company's vpn and do all that through the cli ??? :)
>
> I've seen some gp and saml wrapper scripts
> https://github.com/dlenski/openconnect
> https://github.com/libcthorne/samlwebcookie
> so i;m hopeful something exists for microsoft 2fa as well.
>
> The SAML link looked promising for my case as well but running this burned my hopes to the ground.
> $ export SWC_OUTPUT_FILE=<(:) && samlwebcookie $VPN_SRV --username=me at thecomp.com --password=1234 --output-file=$SWC_OUTPUT_FILE && . $SWC_OUTPUT_FILE
> Traceback (most recent call last):
>   File "/home/nass/.local/bin/samlwebcookie", line 8, in <module>
>     sys.exit(main())
>   File "/home/nass/.local/lib/python3.6/site-packages/webcookie.py", line 52, in main
>     fs_auth_login_url = r.headers["Location"]
>   File "/usr/lib/python3/dist-packages/requests/structures.py", line 54, in __getitem__
>     return self._store[key.lower()][1]
> KeyError: 'location'
>
> Perhaps I use it wrong or is there another way??
>
>
> Thank you in advance for your help,
> Athanasios



More information about the openconnect-devel mailing list