Does OpenConnect give the Pulse appliance the hostname associated with user authentication?
Info Skymem
info at skymem.com
Thu Nov 3 16:20:13 PDT 2022
Hi,
thank you for your information.
On our website you can find email addresses of companies and people.
https://www.skymem.info
In short, it’s like Google for emails.
Best regards,
Robert,
Skymem team
On Thu, Nov 3, 2022 at 10:18 PM Schütz Dominik
<Dominik.Schuetz at esolutions.de> wrote:
>
> Hi,
>
> I have a question in connection with OpenConnect (currently v9.01+74+g76dc679-0+113.1) and the Pulse Secure Appliance (currently 9.1R14).
>
> We authenticate with "protocol=pulse" and "protocol=nc" either with username + password (case 1) or with our smartcard (case 2).
>
>
> We would like to add a check on our Pulse appliance, if the hostname with which the user authenticates via username + password or smartcard is in a certain Active Directory group, it should be moved to another role.
>
> My question now is whether OpenConnect gives the Pulse Appliance the host name associated with the user authentication?
>
> And if the host name is transferred, how can it be used in the Pulse Appliance for an AD group check?
>
>
> case 1:
> dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --protocol=pulse "https://vpn-gateway/linux"
>
> dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --protocol=nc "https://vpn-gateway/linux"
>
>
> case 2:
> dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --certificate=pkcs11:model=JavaCardOS;manufacturer=xxx;serial=xxx;token=xxx;id=xxx;type=cert --cert-expire-warning=60 --protocol=pulse "https://vpn-gateway/linuxc"
>
> dominik at host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --cafile=/usr/local/share/ca-certificates/xxx.crt --certificate=pkcs11:model=JavaCardOS;manufacturer=xxx;serial=xxx;token=xxx;id=xxx;type=cert --cert-expire-warning=60 --protocol=nc "https://vpn-gateway/linuxc"
>
>
> Regards,
> Dominik
> e.solutions GmbH
>
> Despag-Straße 4a, 85055 Ingolstadt,
>
> Phone +49845833321287
>
> Dominik.Schuetz at esolutions.de
> Please, find my mail encryption keys at: https://secmail.esolutions.de
>
> Registered Office:
> e.solutions GmbH
> Despag-Straße 4a, 85055 Ingolstadt, Germany
> Managing Directors Uwe Reder, Rainer Lange
> Register Court Ingolstadt HRB 5221
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list