dlenski / gp-saml-gui

Interactively authenticate to GlobalProtect VPNs that require SAML
GNU General Public License v3.0

not working all of a sudden #71

Open bzahariev opened 1 year ago

bzahariev commented 1 year ago

Until yesterday it would output a command line to use to connect, but now it doesn't:

[Screenshot at 2023-04-06 16-30-48]

dlenski commented 1 year ago

Well, gp-saml-gui probably didn't magically break itself. What else changed… either on your system or on the VPN/SAML server?

Use gp-saml-gui --external to open the SAML login flow in an external browser, where you can step through it with the debugger (e.g. Chrome or Firefox dev tools).

bzahariev commented 1 year ago

Don't know how to use a browser debugger, but one thing that has changed is that now I need to use --allow-insecure-crypto, so something must have changed on those servers. How should I debug that?

dlenski commented 1 year ago

> Don't know how to use a browser debugger …

Your ability and motivation to learn to use relevant tools to gain additional information… almost certainly outstrips my ability and motivation to make speculative guesses about what's going on with your client, or server, or intermediate systems.

> How should I debug that?

Among other things, perhaps add some logging statements around the apparent source of the exception, according to your screenshot. https://github.com/dlenski/gp-saml-gui/blob/master/gp_saml_gui.py#L113

> … but one thing that have changed is that now I need to use --allow-insecure-crypto so something must have changed on those servers.

Either that or you upgraded your packages and/or OS to a version that's more picky about rejecting obsolete/potentially-insecure crypto. But again, I'm speculating based on little to no information.

bzahariev commented 1 year ago

Don't have the time to give to side projects, but I solved my issue by installing https://github.com/yuezk/GlobalProtect-openconnect, works like a charm. May revisit in the future when I have more time. Thx for your help though

jakobfp commented 1 year ago

I have the same issue.

With using --external I noticed that in my case the response headers are capitalized, e.g. Prelogin-Cookie or Saml-Username. Thus, they are not filtered in line https://github.com/dlenski/gp-saml-gui/blob/master/gp_saml_gui.py#L124 and the GUI is stuck.

This patch of https://github.com/dlenski/gp-saml-gui/blob/master/gp_saml_gui.py made it work for me:

@@ -119,7 +119,7 @@ class SAMLLoginView:

         # convert to normal dict
         d = {}
-        h.foreach(lambda k, v: setitem(d, k, v))
+        h.foreach(lambda k, v: setitem(d, k.lower(), v))
         # filter to interesting headers
         fd = {name:v for name, v in d.items() if name.startswith('saml-') or name in ('prelogin-cookie', 'portal-userauthcookie')}
         if fd and self.verbose:
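
Review bot: the `# convert to normal dict` comment above the changed `h.foreach(...)` line no longer describes what the line does, and the reason for `k.lower()` is not recorded anywhere in the hunk. HTTP header names are case-insensitive, so normalising here is what lets the lowercase literals in the filter below (`'saml-'`, `'prelogin-cookie'`, `'portal-userauthcookie'`) match a server that sends `Prelogin-Cookie`; say so in the comment, e.g. `# convert to normal dict with lowercased header names`. Also note that two headers differing only in case now collapse to one key in `d`, with the later value overwriting the earlier one.
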
dlenski commented 1 year ago

Thank you @jakobfp for the clear actionable finding here. Pushed this change as 085d3276e17e1094e22e5d49545e273147598eb4.

wtcline-intc commented 11 months ago

@dlenski Confirming that 085d327 fixes the issue, thank you!