theinvisible / openfortigui

VPN-GUI to connect to Fortigate-Hardware, based on openfortivpn
https://hadler.me/linux/openfortigui/
GNU General Public License v3.0

SAML support? #186

Open DimitriPapadopoulos opened 1 year ago

DimitriPapadopoulos commented 1 year ago

In addition to / instead of supporting the --cookie option (#173), wouldn't it make sense to add support for SAML (as discussed in https://github.com/adrienverge/openfortivpn/issues/867, https://github.com/adrienverge/openfortivpn/pull/1034, https://github.com/adrienverge/openfortivpn/pull/1042), starting a browser with Qt to get the VPN session cookie?

boospy commented 6 months ago

SAML is old school. Keycloak would be the new one.

https://www.keycloak.org/

https://www.univention.de/produkte/app-katalog/keycloak/

DimitriPapadopoulos commented 6 months ago

@boospy Does the FortiGate support Keycloak differently from SAML?

I don't know what Keycloak means on the client side, can you enlighten me?

ssorgatem commented 4 months ago

My company is now changing to SAML SSO, so support for SAML would be greatly appreciated.

filippor commented 2 months ago

For an external browser I implemented a script to retrieve the token, in the repository https://github.com/filippor/XdgOpenSaml. The process is:

1. Start a server to listen on localhost:8020/?id=
2. Open in the external browser url + "/remote/saml/start?redirect=1"
3. The server receives a call and, with the retrieved id, calls url + "/remote/saml/auth_id?id=" + id to retrieve the cookie

You can see a sample implementation in this repo, https://github.com/filippor/XdgOpenSaml/blob/main/XdgOpenSaml.java, that writes the cookie to standard output like openfortivpn-webview.

XdgOpenSaml url:port | sudo openfortivpn url:port --cookie-on-stdin --pppd-use-peerdns=
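
An added example, not filippor's XdgOpenSaml code and not part of openfortigui: the three-step flow from the comment above in Python, with the callback listener bound to loopback only, the id strictly validated, a timeout, and the id kept out of logs. The endpoints and port 8020 come from the comment; the id alphabet, the `SVPNCOOKIE` cookie name and every function name are assumptions.

```python
import re
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, quote, urlsplit

ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # assumed id alphabet, not given on the page

def saml_url(gateway, session_id=None):
    """Build the start URL (step 2) or, given an id, the auth_id URL (step 3)."""
    p = urlsplit(gateway)
    if p.scheme != "https" or not p.hostname or p.path.strip("/") or p.query:
        raise ValueError("gateway must be https://host[:port]")  # no cleartext cookie
    if session_id is None:
        return f"https://{p.netloc}/remote/saml/start?redirect=1"
    return f"https://{p.netloc}/remote/saml/auth_id?id=" + quote(session_id, safe="")

def parse_callback(path):
    """Return the id from a '/?id=...' request path, or None for anything else."""
    p = urlsplit(path)
    ids = parse_qs(p.query).get("id", [])
    ok = p.path == "/" and len(ids) == 1 and ID_RE.fullmatch(ids[0])
    return ids[0] if ok else None

class Callback(BaseHTTPRequestHandler):
    def do_GET(self):
        found = parse_callback(self.path)
        self.server.saml_id = self.server.saml_id or found  # first valid id wins
        self.send_response(200 if found else 400)
        self.end_headers()
    def log_message(self, *args):  # suppress request logging: the id stays off stderr
        pass

def wait_for_id(on_ready, port=8020, timeout=120):
    """Step 1: bind loopback only, call on_ready (open the browser), return id or None."""
    server = HTTPServer(("127.0.0.1", port), Callback)
    server.saml_id, deadline = None, time.monotonic() + timeout
    try:
        on_ready()  # the socket is already listening, so a fast redirect is not missed
        while server.saml_id is None and time.monotonic() < deadline:
            server.timeout = max(0.0, deadline - time.monotonic())
            server.handle_request()
    finally:
        server.server_close()
    return server.saml_id

def fetch_cookie(gateway, session_id):  # step 3; cookie name SVPNCOOKIE is an assumption
    with urllib.request.urlopen(saml_url(gateway, session_id), timeout=30) as resp:
        pairs = [h.split(";", 1)[0].strip() for h in resp.headers.get_all("Set-Cookie") or []]
    return next((c for c in pairs if c.startswith("SVPNCOOKIE=")), None)
```

Pass `wait_for_id` a callable such as `lambda: webbrowser.open(saml_url(gateway))`, then write only the result of `fetch_cookie` to standard output so it can feed the pipe shown above.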