https://bugs.kde.org/show_bug.cgi?id=444500

            Bug ID: 444500
           Summary: GlobalProtect SAML request/response ignored
           Product: plasma-nm
           Version: 5.22.5
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: jgrul...@redhat.com
          Reporter: jdbar...@isi.edu
  Target Milestone: ---

SUMMARY
GlobalProtect servers that ask for SAML login do not interactively request
additional information.

STEPS TO REPRODUCE
1. Create a connection with the openconnect gp plugin for a server that requires
SAML auth
2. Attempt to connect
3. Authentication always fails because SAML requests appear to be ignored

OBSERVED RESULT

POST
https://vpn.host.net/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server ip.v4.host.addr:443
Connected to ip.v4.host.addr:443
SSL negotiation with vpn.host.net
Connected to HTTPS on vpn.host.net with ciphersuite
(TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Fri, 15 Oct 2021 21:17:58 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 2104
Connection: keep-alive
ETag: "167860b854d7"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; path=/; secure;
httponly
Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline';
img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (2104)
SAML POST authentication is required via external script.
When SAML authentication is complete, specify destination form field by
appending :field_name to login URL.
Failed to parse server response
Response was:<?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<newmsg></newmsg>
<authentication-message>login through Okta</authentication-message>
<username-label>Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version>
<saml-default-browser>yes</saml-default-browser><saml-auth-status>0</saml-auth-status>
<saml-auth-method>POST</saml-auth-method>
<saml-request-timeout>600</saml-request-timeout>
<saml-request-id>0</saml-request-id><saml-request>PG...
... very long stuff ...
...DQo=</saml-request><region>US</region>
</prelogin-response>



EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

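
An added example, not part of the original report and not code from plasma-nm or openconnect: a small Python check that parses a prelogin response like the one quoted above and reports whether the gateway requires an interactive SAML step. It assumes the `<saml-request>` value is base64 (the value in the report begins `PG` and ends `DQo=`, consistent with base64-encoded markup followed by CRLF); the sample response, its `idp.example` URL and the function name are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: same element layout as the prelogin-response in the report,
# with a short stand-in HTML form in place of the elided <saml-request> value.
_FORM = b'<html><body><form method="POST" action="https://idp.example/sso"></form></body></html>\r\n'
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8" ?>\n'
    '<prelogin-response>\n<status>Success</status>\n'
    '<authentication-message>login through Okta</authentication-message>\n'
    '<saml-default-browser>yes</saml-default-browser><saml-auth-status>0</saml-auth-status>\n'
    '<saml-auth-method>POST</saml-auth-method>\n'
    '<saml-request-timeout>600</saml-request-timeout>\n'
    '<saml-request-id>0</saml-request-id><saml-request>'
    + base64.b64encode(_FORM).decode() + '</saml-request><region>US</region>\n'
    '</prelogin-response>\n'
)

def parse_prelogin(xml_text):
    """Summarise what a prelogin response asks the client to do (hypothetical helper)."""
    # The response is server-controlled input: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected here")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "prelogin-response":
        raise ValueError("unexpected root element: %r" % root.tag)

    def text(tag):
        return (root.findtext(tag) or "").strip()

    info = {
        "status": text("status"),
        "message": text("authentication-message"),
        "saml_method": text("saml-auth-method") or None,
        "saml_timeout": int(text("saml-request-timeout") or 0),
        "saml_request": None,
    }
    raw = "".join(text("saml-request").split())  # tolerate line-wrapped base64
    if raw:
        try:
            decoded = base64.b64decode(raw, validate=True)
        except binascii.Error as exc:
            raise ValueError("saml-request is not valid base64") from exc
        info["saml_request"] = decoded.decode("utf-8", "replace")
    # A SAML method plus a request means a browser step is needed before login.
    info["interactive_login_required"] = bool(info["saml_method"] and info["saml_request"])
    return info
```

A front end can use `interactive_login_required` to decide whether to open a browser or web view for the identity provider instead of treating the response as a failed username/password login.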