On Wed, May 4, 2022 at 3:11 AM David Woodhouse <dw...@infradead.org> wrote: > > On Wed, 2022-05-04 at 09:36 +0000, Schütz Dominik wrote: > > Hi, > > > > how can I specify a realm with "--protocol=pulse"? > > # output without specify realm > > Choose Pulse user realm: > > Realm: > > [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network > > > > > > With "--protocol=nc" I specify the realm as follows: > > # output without specify realm > > frmLogin > > realm > > [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network > > > > # command with realm > > dominik at host1:~$ sudo openconnect --script=/root/vpnc-script > > --protocol=nc --form-entry=frmLogin:realm=REALM_xxx_Limited_Machine_Network > > https://vpn-gateway/linux > > For pulse I think you want '-F pulse_realm_entry:realm=REALM_xxx_Foo'
It's not necessary to use -F/--form-entry here ☺ It should also work fine with `--authgroup` (https://gitlab.com/openconnect/openconnect/blob/master/pulse.c#L785-787), e.g. `--authgroup REALM_xxx_Foo`. The name "auth group" originally came from Cisco, but the option `--authgroup` now works with all other protocols that allow the user to select some kind of dropdown. We even have tests to verify that the client propagates this value as expected, in all the protocols where it's supported and where we have authentication tests. Juniper/NC: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/juniper-auth#L45-47 GlobalProtect: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/gp-auth-and-config#L44-46 F5: https://gitlab.com/openconnect/openconnect/-/blob/master/tests/f5-auth-and-config#L50-52 Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
