pulse protocol and microsoft 2fa ?

Daniel Lenski dlenski at gmail.com
Wed Mar 30 14:51:32 PDT 2022


On Tue, Mar 29, 2022 at 2:50 PM Athanasios Silis
<athanasios.silis at gmail.com> wrote:
>
> Hi everyone,
> this is not a new question as I see but maybe the combination of options is.
> So my company has been using the pulse protocol for its vpn service.
> Microsoft 2FA will soon become unavoidable for the connection.
>
> I've installed the pulseUI client to see how it works and I must say
> I'd prefer it if I avoided any gui client. Openconnect has been great
> so far and I would like to keep it that way.
>
> Soooo, is there any solution to authenticate for the vpn through my
> microsoft account and connect to my company's vpn and do all that
> through the cli ??? :)
>
> I've seen some gp and saml wrapper scripts
> https://github.com/dlenski/openconnect
> https://github.com/libcthorne/samlwebcookie
> so i;m hopeful something exists for microsoft 2fa as well.

As of the recently-released OpenConnect v8.20, we have *partial*
support for Microsoft 2FA with the older Juniper/NC protocol, which
most Pulse servers support in addition to the newer Pulse protocol.
See recent comment with more pointers:
https://gitlab.com/openconnect/openconnect/-/issues/385

Please test and give us feedback. I recommend reading and engaging on
these issues if you encounter problems:
https://gitlab.com/openconnect/openconnect/-/issues?sort=updated_desc&state=all&label_name[]=External+Auth/SAML/SSO

Because the core OpenConnect developers don't have access to VPNs
implementing every one of these new types of authentication, our
ability to support and debug these is very limited, and we rely mostly
on users' contributions.

Dan



More information about the openconnect-devel mailing list