Does OpenConnect give the Pulse appliance the hostname associated with user authentication?
Schütz Dominik
Dominik.Schuetz at esolutions.de
Thu Nov 3 14:17:29 PDT 2022
Hi,
I have a question in connection with OpenConnect (currently v9.01+74+g76dc679-0+113.1) and the Pulse Secure Appliance (currently 9.1R14).
We authenticate with "protocol=pulse" and "protocol=nc" either with username + password (case 1) or with our smartcard (case 2).
We would like to add a check on our Pulse appliance, if the hostname with which the user authenticates via username + password or smartcard is in a certain Active Directory group, it should be moved to another role.
My question now is whether OpenConnect gives the Pulse Appliance the host name associated with the user authentication?
And if the host name is transferred, how can it be used in the Pulse Appliance for an AD group check?
case 1:
dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --protocol=pulse "https://vpn-gateway/linux"
dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --protocol=nc "https://vpn-gateway/linux"
case 2:
dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --certificate=pkcs11:model=JavaCardOS;manufacturer=xxx;serial=xxx;token=xxx;id=xxx;type=cert --cert-expire-warning=60 --protocol=pulse "https://vpn-gateway/linuxc"
dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --certificate=pkcs11:model=JavaCardOS;manufacturer=xxx;serial=xxx;token=xxx;id=xxx;type=cert --cert-expire-warning=60 --protocol=nc "https://vpn-gateway/linuxc"
Regards,
Dominik
e.solutions GmbH
Despag-Straße 4a, 85055 Ingolstadt,
Phone +49845833321287
Dominik.Schuetz at esolutions.de
Please, find my mail encryption keys at: https://secmail.esolutions.de
Registered Office:
e.solutions GmbH
Despag-Straße 4a, 85055 Ingolstadt, Germany
Managing Directors Uwe Reder, Rainer Lange
Register Court Ingolstadt HRB 5221
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8066 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20221103/8cbf5472/attachment.p7s>
More information about the openconnect-devel
mailing list