OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

[bug] The username of openvpn fails to be obtained #584

Closed lsx1205 closed 1 month ago

lsx1205 commented 2 months ago

According to my current thinking, openvpn collects information about users according to the auth-user-pass option, which I do not use. The authentication method I use as casdoor, oauth2, is after auth-user-pass. auth-user-pass has defined username at this time, and the username of casdoor collected later cannot override it. Can I improve this if I call oauth2 first for authentication? Does it work?

log:

```
peer info: IV_AUTO_SESS=1
peer info: IV_GUI_VER=OCmacOS_3.4.9-4830
peer info: IV_SSO=webauth,crtext

TLS: Username/Password authentication deferred for username '' [CN SET]
TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
MANAGEMENT: CMD 'client-pending-auth 1 1 "WEB_AUTH::http://xxxxxxxxx:443/oauth2/start?state=T3GCZurZBtGwiSmVUyrY-FAOXTaNXHzSn3hzux9cpWcOJNorVBwlFEY4fBmQA1HuPY5-oOp8WLtQM6IklRNOfiRpRQKrYO2OZY_2oQES" 120'
SENT CONTROL []: 'AUTH_PENDING,timeout 120' (status=1)
```

lsx1205 commented 1 month ago

The oauth2 plug-in I use uses oauth protocol to interconnect with casdoor for identity authentication. In this case, the authentication of the username and password is delayed, and the username and password are jumped to casdoor for authentication, but the openvpn server does not record the username information. But the openvpn client's user information is casdoor's user id.

schwabe commented 1 month ago

This is not a bug. If you do not use the internal auth-user-pass, the username is not set.
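
For operators who need to know which web-auth sessions end up with no username in the server log, the following added example (not code from OpenVPN, the plug-in, or any participant in this thread) scans log lines in the format shown in the issue and flags handshakes where deferred authentication carried an empty username. It assumes one client's lines arrive in order and that each handshake starts at its `IV_SSO` line; the sample lines, host name and `state` value are constructed placeholders.

```python
import re

# Patterns follow the message formats in the log excerpt quoted in the issue.
SSO = re.compile(r"peer info: IV_SSO=(\S+)")
DEFERRED = re.compile(r"authentication deferred for username '([^']*)'")
PENDING = re.compile(r"CMD 'client-pending-auth (\d+) (\d+) \"WEB_AUTH::")


def audit(lines):
    """Group one client's handshake lines into sessions and flag those whose
    deferred authentication has no username on the server side."""
    sessions, current = [], None
    for line in lines:
        if m := SSO.search(line):
            # Assumption: IV_SSO opens a new handshake in this single-client view.
            current = {"sso": m.group(1).split(","), "username": None,
                       "cid": None, "web_auth": False}
            sessions.append(current)
        elif current is None:
            continue  # lines before the first handshake are ignored
        elif m := DEFERRED.search(line):
            current["username"] = m.group(1)
        elif m := PENDING.search(line):
            current["cid"] = int(m.group(1))  # management client ID
            current["web_auth"] = True
    for s in sessions:
        # Gap: web auth was started but the server holds no username to log.
        s["identity_gap"] = s["web_auth"] and not s["username"]
    return sessions


# Constructed sample in the same format as the excerpt (not real log data).
URL = "https://sso.example.invalid/oauth2/start?state=PLACEHOLDER"
SAMPLE = [
    "peer info: IV_SSO=webauth,crtext",
    "TLS: Username/Password authentication deferred for username '' [CN SET]",
    f"MANAGEMENT: CMD 'client-pending-auth 1 1 \"WEB_AUTH::{URL}\" 120'",
    "peer info: IV_SSO=webauth,crtext",
    "TLS: Username/Password authentication deferred for username 'alice' [CN SET]",
    f"MANAGEMENT: CMD 'client-pending-auth 2 1 \"WEB_AUTH::{URL}\" 120'",
]

if __name__ == "__main__":
    for s in audit(SAMPLE):
        print(s["cid"], repr(s["username"]), "GAP" if s["identity_gap"] else "ok")
```

Sessions flagged as a gap are the ones where the identity exists only at the OAuth2 provider, so any per-user audit trail has to be joined from the provider's logs.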