ohwgiles / NetworkManager-f5vpn

NetworkManager plugin for accessing F5 SSL VPNs

Support Auth providers #9

Closed siavashs closed 3 years ago

siavashs commented 3 years ago

I tested the plugin, but unfortunately it does not work when you use an authentication provider like OneLogin. The client is redirected to OneLogin to do the authentication and then redirected back to the main VPN site. I guess it would be possible to delegate this to either GTKWebkit or, even better, to the user's default web browser, where they might already be authenticated on OneLogin, to speed up the process. Let me know what you think about such an implementation; I might even be able to contribute this feature with some help or guidance.

ohwgiles commented 3 years ago

I actually implemented exactly this very recently. See 807a7f208e084364fc80b5170223004f42526e48. In the VPN options, enable "Use Browser Authentication".

It probably doesn't work stably on all deployments, so I would totally appreciate any assistance fixing/improving it.

siavashs commented 3 years ago

Nice work. I just tested with an existing connection I had and enabled the option, but unfortunately it does not work:

[image]

No browser tabs open to do the actual authentication. The logs don't show any useful information:

Jul 31 14:25:02 arch NetworkManager[17213]: <info>  [1627734302.8087] vpn-connection[0x560cc9e9e100,dd4e8d4c-4fb6-40e3-8ade-2e65a5d65c33,"Test",0]: Started the VPN service, PID 18066
Jul 31 14:25:02 arch NetworkManager[17213]: <info>  [1627734302.8303] vpn-connection[0x560cc9e9e100,dd4e8d4c-4fb6-40e3-8ade-2e65a5d65c33,"Test",0]: Saw the service appear; activating connection

I tried to recreate the VPN connection, but now the GNOME settings UI fails to save the use-browser-auth setting. I managed to use nmcli to update the settings, but it still did not work.

Let me know if you need more information to debug this issue.

ohwgiles commented 3 years ago

Thanks for trying it out. I've pushed a couple of commits which hopefully fix all the issues you encountered. Please try again with the latest master.

siavashs commented 3 years ago

Great job, it works! The only minor issue is that the F5 web portal does not detect if the app is authenticated:

[image]

ohwgiles commented 3 years ago

Yeah. Probably the plugin needs to send another request to the backend providing the token parameter from the f5v-vpn:// URI. Behaviour of the proprietary app needs to be checked here. Not a priority for me just now; a PR or curl invocation would be a great help.