On Thu, 20 Mar 2025, Cline, Wade wrote:

On Wed, Mar 19, 2025 at 09:14:07PM -0600, Thomas Danhorn wrote:
Hi guys,

Thank you for making a great tool.  I have been using it in conjunction with
the NetworkManager plugin to connect to a Palo Alto Global Protect VPN for
the last couple of years, and it worked great.  For the last few months I
have been using it with a YubiKey.  Recently, it suddenly stopped working
(512 server error after successful authentication), however, and through
trying different gp-saml-gui versions, I am pretty sure that the problem is
that the SAML and cookie from the server response are now only in the
comment inside the HTML page, and no longer in its header.

Hi Thomas,

Have you tried adding '/portal:prelogin-cookie' to the 'Gateway' URL as
suggested in:

        https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/130#note_2367443

Regards,
Wade


Hi Wade,

Thank you very much for the quick response. I just tried with '/portal:prelogin-cookie', and the results are interesting. The university has two VPN servers for two campuses, and it works on one (at the end of the process it asks me to choose a gateway, although there is only one choice), but it still fails with the 512 error on the other (I used identical configurations, except for the server name). Unfortunately, the one that fails is the one I really need. I have not looked at the SAML & cookie of the VPN server I can connect to, but I know that for the failing one those things are only in the comment (not the header).

Thanks,

Thomas



If I read the commit messages correctly, that seems to have been fixed 18
months ago (in commit 8c5d65889b), but there has been no new version tag
since 9.12 a few months earlier.  Since Linux distros and packaging services
(e.g. openSUSE build service) go by the tags (since they signal a stable
version), there is no newer package than 9.12 available, and that does not
have the fix for the SAML-in-comment problem.

While I could probably compile the newest version from GitLab, it is
obviously easier to use a package, and I am not the only one with this
problem.  I would therefore really appreciate it if you could release 9.13
in the not-too-distant future.  I'm getting by with gp-saml-gui, but it is
not as well integrated with NetworkManager and I don't have the options that
come with that, like routing only certain addresses through the VPN, so I'm
looking forward to the next version of openconnect.

Thank you very much!

Thomas

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel

