[plasma-nm] [Bug 482165] Unable to connect to Fortinet based VPN using openconnect when SSO is required

Fri, 11 Oct 2024 02:06:34 -0700 

https://bugs.kde.org/show_bug.cgi?id=482165

Vincenzo Reale <smart212...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |smart212...@gmail.com

--- Comment #2 from Vincenzo Reale <smart212...@gmail.com> ---
I hoped it would have been fully integrated in Plasma 6.2, based on some
webauth patches I had recently seen.
Looking at the debug log, it seems that it isn't able to retrieve the required
cookie.

GET https://<VPN_ENDPOINT>/
Attempting to connect to server VPN_ENDPOINT:443
Connected to VPN_ENDPOINT:443
SSL negotiation with VPN_ENDPOINT
Server certificate verify failed: signer not found
Connected to HTTPS on VPN_ENDPOINT with ciphersuite
(TLS1.2)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Fri, 11 Oct 2024 08:42:46 GMT
ETag: "83-65bac8f5"
Accept-Ranges: bytes
Content-Length: 131
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src
'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
HTTP body length:  (131)
POST https:/VPN_ENDPOINT/remote/logincheck
Got HTTP response: HTTP/1.1 200 OK
Date: Fri, 11 Oct 2024 08:43:01 GMT
Set-Cookie:  SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT;
secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984
12:00:00 GMT; secure; httponly; SameSite=Strict
X-UA-Compatible: requiresActiveX=true
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src
'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)

Using openconnect, you can retrieve it with openfortivpn-webview:
openconnect --protocol=fortinet -C "$(openfortivpn-webview VPN_ENDPOINT)"
VPN_ENDPOINT

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to