On Fri, Oct 14, 2022 at 7:48 AM LeJacq, Jean Pierre <jeanpierre.lej...@quoininc.com> wrote: > > I'm trying to use OpenConnect's with the relatively new F5 protocol support. > > I'm running into problems with the initial handshake and looking for some > advice on how to debug. > > My environment is the following. I have confirmed that I can connect using the > Windows 11 F5 client. > > OS: Debian Buster (stable) > Version: OpenConnect version v9.01-1~bpo11+1. > > The problem seems to be that instead of establishing the connection, I'm > immediately redirected to a logout page saying this is an unsupported browser. > Using an explicit Windows 11 user agent string does not eliminate the warning > about a non-supported browser.
Based on your site's "supported browsers" page (http://atnyulmc.org/help-documentation/quick-view-os-browser-support-matrix), it appears that they allow only a ridiculously narrow and mostly obsolete set of browsers, e.g. only the 32-bit (😵) version of IE11 (😵) on Windows 10 (😵). I played around with a few different values and couldn't get it to work, but didn't go so far as trying an actual Windows browser. Can you try to emulate <whatever the Windows 11 F5 client sends exactly>? > I'm thinking I need to provide another cookie but don't see how to determine > which one might be required. If additional parameters or requests/responses are needed to satisfy this server, and you can't figure them out by guessing or inspecting the official client… you would like need to get a MITM capture of the official client interacting with your server. I've written some documentation of how to do that here: https://www.infradead.org/openconnect/mitm.html However, since the login apparently uses an *external web browser*, it should be fairly easy for you to follow the browser/server interaction using IE/Firefox/Chrome dev tools in a supported Windows browser. If you can capture the F5_ST and MRHSession cookies from a successful authentication on Windows, then you can use them to (re)connect from OpenConnect with: openconnect --protocol=f5 my.server.com --cookie "MRHSession=VALUE; F5_ST=VALUE" Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
