Hi,

I have a question in connection with OpenConnect (currently 
v9.01+74+g76dc679-0+113.1) and the Pulse Secure Appliance (currently 9.1R14).

We authenticate with "protocol=pulse" and "protocol=nc" either with username + 
password (case 1) or with our smartcard (case 2).


We would like to add a check on our Pulse appliance: if the hostname with which 
the user authenticates via username + password or smartcard is in a certain 
Active Directory group, it should be moved to another role.

My question now is whether OpenConnect gives the Pulse Appliance the host name 
associated with the user authentication?

And if the host name is transferred, how can it be used in the Pulse Appliance 
for an AD group check?


case 1:
dominik@host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script \
    --cafile=/usr/local/share/ca-certificates/xxx.crt --protocol=pulse \
    "https://vpn-gateway/linux"

dominik@host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script \
    --cafile=/usr/local/share/ca-certificates/xxx.crt --protocol=nc \
    "https://vpn-gateway/linux"


case 2:
dominik@host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script \
    --cafile=/usr/local/share/ca-certificates/xxx.crt \
    --certificate="pkcs11:model=JavaCardOS;manufacturer=xxx;serial=xxx;token=xxx;id=xxx;type=cert" \
    --cert-expire-warning=60 --protocol=pulse "https://vpn-gateway/linuxc"

dominik@host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script \
    --cafile=/usr/local/share/ca-certificates/xxx.crt \
    --certificate="pkcs11:model=JavaCardOS;manufacturer=xxx;serial=xxx;token=xxx;id=xxx;type=cert" \
    --cert-expire-warning=60 --protocol=nc "https://vpn-gateway/linuxc"


Regards,
Dominik
e.solutions GmbH 

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
