Supporting Globalprotect when SAML auth is required at both portal and gateway

Karl O. Pinc kop at karlpinc.com
Wed Jul 24 12:35:45 PDT 2024


Hi,

I've submitted at PR at gitlab
https://gitlab.com/openconnect/openconnect/-/merge_requests/564
to add support for when SAML authentication must happen at both the
portal and the gateway, so SAML auth happens twice and produces
two different cookies.  The PR also adds to the Globalprotect
documentation on SAML authentication.

It's not clear how the development process goes, but I am somewhat
relying on this feature and don't want to maintain my own fork
forever.  So I'm writing to see if there's anything else I
need to do to facilitate progress.

I am also writing to let you, and the people associated with
gp-saml-gui, know that Globalprotect now has server configurations
which require this sort of authentication.  See, e.g.:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClQXCA0

Thanks for the help.

Regards,

Karl <kop at karlpinc.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein



More information about the openconnect-devel mailing list