dlenski / gp-saml-gui

Interactively authenticate to GlobalProtect VPNs that require SAML
GNU General Public License v3.0

fix login if saml response is in body comment #59

Closed ByteCommander closed 1 year ago

ByteCommander commented 1 year ago

fixes https://github.com/dlenski/gp-saml-gui/issues/51

If there are no SAML and/or prelogin-cookie related headers found in the server responses, this PR adds the functionality to check the response body for those values in embedded XML documents inside any HTML body comments.
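
The body-comment check described above, as an added example (not the PR's code and not gp-saml-gui's implementation): it collects HTML comments from a response body with Python's standard library and reads the wanted elements from any comment that parses as XML. The function name, the `saml-username` and `saml-auth-status` element names, and the sample body are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# The two cookie names appear on this page; the saml-* names are
# assumptions about what a server puts in the comment.
WANTED = ("prelogin-cookie", "portal-userauthcookie",
          "saml-username", "saml-auth-status")


class _CommentCollector(HTMLParser):
    """Collect the text of every HTML comment in a document."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)


def saml_fields_from_body(body):
    """Return {name: value} for WANTED elements in XML inside HTML comments."""
    collector = _CommentCollector()
    collector.feed(body)
    collector.close()
    found = {}
    for comment in collector.comments:
        try:
            # Wrap in a synthetic root so a fragment with several top-level
            # elements parses. A DOCTYPE is not legal inside an element, so
            # entity definitions in server-controlled text fail to parse
            # instead of being expanded.
            root = ET.fromstring("<root>" + comment + "</root>")
        except ET.ParseError:
            continue  # ordinary prose comment, not XML
        for elem in root.iter():
            if elem.tag in WANTED and elem.text and elem.text.strip():
                found.setdefault(elem.tag, elem.text.strip())
    return found


# Constructed sample response body (not captured from a real server).
SAMPLE_BODY = """<html><head><!-- page build 42 & misc --></head><body>
Login Successful!
<!-- <saml-auth-status>1</saml-auth-status>
<prelogin-cookie>CONSTRUCTED-COOKIE-VALUE</prelogin-cookie>
<saml-username>alice@example.com</saml-username> -->
</body></html>"""
```

The first value seen for each name wins, so a later comment cannot overwrite a field already found.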

rezekdan commented 1 year ago

tested this within our company and it works now

ByteCommander commented 1 year ago

Any further updates or review comments on this, before it could get merged? @dlenski

fang0654 commented 1 year ago

Just chiming in that one of the VPNs I've been using stopped working overnight, and it turns out this was the issue, and this PR fixed it!

messiahUA commented 1 year ago

I hope this will be merged eventually.

dlenski commented 1 year ago

Thank you @ByteCommander for your patience and refinement here.

I tweaked the PR slightly (squash commits, cleanup), and tested it against OpenConnect's fake-gp-server.py (which is the only GP SAML server that I have access to right now :man_shrugging:)

  1. In OpenConnect v9.10 directory:

    $ cd openconnect/tests
    $ ./fake-gp-server.py localhost 8000 certs/server-{cert,key}.pem &

  2. Configure the fake server for SAML on the portal, with handoff to the gateway login, both using the portal-userauthcookie:

    $ curl -k https://localhost:8000/CONFIGURE -d portal_saml=portal-userauthcookie -d portal_cookie=portal-userauthcookie
    $ curl -k https://localhost:8000/CONFIGURE
    Current configuration of fake GP server configuration:
    TestConfiguration(gateways=('Default gateway',), portal_2fa=None, gw_2fa=None, portal_cookie='portal-userauthcookie', portal_saml='portal-userauthcookie', gateway_saml=None)

  3. Use gp-saml-gui localhost:8000 to do SAML authentication, verify that it works.