search

dlenski / gp-saml-gui

Interactively authenticate to GlobalProtect VPNs that require SAML
GNU General Public License v3.0
293 stars 66 forks source link

Can it use not webkit but Firefox? #80

Open vitaly-zdanevich opened 11 months ago

vitaly-zdanevich commented 11 months ago

Because webkit is a huge dependency, especially on Gentoo where it must be compiled.

dlenski commented 11 months ago

Can it use not webkit but Firefox?

Can it? Not currently, no :grimacing:. Pull requests to support alternative browsers would be perfectly welcome.

gp-saml-gui needs to inspect the HTTP headers and embedded HTML comments of the pages being loaded, because that's how GlobalProtect SAML signals "completion" of the authentication process.

That's the reason that gp-saml-gui needs an embedded browser: it needs to instrument the browser with hooks for HTTP headers and HTML comments.

As far as I know, there are no Python libraries that would make it easy to embed a Firefox/Gecko-based browser and instrument it in the needed way. Do you know of any?

vitaly-zdanevich commented 11 months ago

Maybe some terminal browsers, like link? Or curl?

dlenski commented 11 months ago

Maybe some terminal browsers, like link? Or curl?

Unlikely.

Most (perhaps all?) real SAML servers, like those of Microsoft or Okta, require JavaScript execution to complete authentication.

Have you tried actually using gp-saml-gui with a real GP VPN that requires SAML?

In any case, as I wrote above “Pull requests to support alternative browsers would be perfectly welcome.”