Open DimitriPapadopoulos opened 1 year ago
SAML is old school. Keycloak would be the new one.
@boopsy Does the FortiGate support Keycloack differently from SAML?
I don't know what Keycloack means on the client side, can you enlighten me?
My company is now changing to SAML sso so support for SAML would hbe greatly appreaciated
For external browser I implemented a script to retrieve token on repository https://github.com/filippor/XdgOpenSaml
the process is
1 start a server to listen on localhost:8020/?id=
you can see a sample implementation in this repo https://github.com/filippor/XdgOpenSaml/blob/main/XdgOpenSaml.java that write the cookie to standard out like openfortivpn-webview
XdgOpenSaml url:port | sudo openfortivpn url:port --cookie-on-stdin --pppd-use-peerdns=
In addition to / instead of supporting to the
--cookie
option (#173), wouldn't it make sense to add support for SAML (as discussed in https://github.com/adrienverge/openfortivpn/issues/867, https://github.com/adrienverge/openfortivpn/pull/1034, https://github.com/adrienverge/openfortivpn/pull/1042), starting a browser with Qt to get the VPN session cookie?