On Thu, Sep 28, 2023 at 3:06 AM julio toribio <juliothebat...@gmail.com> wrote: > > I'm using Windows and trying to connect to a VPN(Fortinet) but by > default SAML is used to authenticate. When we hit connect in > Forticlient, a web browser is launched, we authenticate in i.e > Microsoft, then Forticlient is connected.
> I saw the option --external-browser=BROWSER but openconnects complains > with "openconnect.exe: unknown option -- external-browser" > I tried replacing the "=" for an empty space (--external-browser > "C:\P...") but still the same result. > I'm I missing something? The short answer here is that OpenConnect does not yet have any support for SAML-based authentication using an external browser **with the Fortinet protocol**. See a related issue on GitLab: https://gitlab.com/openconnect/openconnect/-/issues/?state=all&label_name%5B%5D=protocol%3A%3AFortinet&label_name%5B%5D=External%20Auth%2FSAML%2FSSO As far as I know, none of the main OpenConnect developers have any access to a Fortinet VPN that uses SAML, so without a lot more details about *how* Fortinet does this SAML authentication (see https://gitlab.com/openconnect/openconnect/-/issues/356#note_912401634), it will not happen. As ever, more details on how it works (especially in the form of a merge request with working code :-)) would be welcome! _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
