On Fri, Mar 4, 2022 at 9:55 AM Adam Mercer <ramer...@gmail.com> wrote: > > Hi > > We use a GlobalProtect VPN at work and they recently required the > usage of Microsoft MFA when connecting, I've been trying to get this > working with openconnect but have been having problems. I've built the > latest client from git and am using: > > # openconnect --protocol=gp vpn.address.com > > and this results in: > > SAML REDIRECT authentication is required via > https://login.microsoftonline.com/<string>/saml2?SAMLRequest=<strong>RelayState=<string>%3D%3D > When SAML authentication is complete, specify destination form field > by appending :field_name to login URL. > > If I visit the URL in my browser I see > > Login Successful! > > How do I determine field_name from this?
This is an area of active and ongoing development in OpenConnect, due to the recent proliferation of VPNs that use single-sign-on services (like Microsoft's or Okta's) for authentication. For now, I recommend that you try out https://github.com/dlenski/gp-saml-gui, which is a front-end script that I wrote to do the authentication via a graphical pop-up, and then to pass the correct arguments along to OpenConnect. There are other scripts, but this is the one that I wrote and understand, and there is also work-in-progress to integrate this into OpenConnect itself but… don't hold your breath 😁. Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
