This script provides a wrapper around OpenConnect which allows a user to log in through a WebKitGTK2 window. This allows OpenConnect to be compatible with web-based authentication mechanisms, such as SAML.
The script can be used with python2 or python3, however python3 is recommended. The following packages are also required:
Instruction for specific distros can be found below.
sudo apt install python3-gi gir1.2-webkit2-4.0 openconnectsudo yum install python-gi webkit2gtk3 openconnectsudo pacman -S python-gobject webkit2gtk openconnectThis repo can be downloaded with git clone https://github.com/utknoxville/openconnect-pulse-gui or via the GitHub webpage.
Installation can be performed using pip install . or directly calling python setup.py install.
Once installed, the openconnect-pulse-gui script should be in your $PATH. If not, the script openconnect_pulse_gui/openconnect_pulse_gui.py can be called directly.
The only required required argument is the sign-in link / server URL. Other arguments can be found by using python openconnect-pulse-gui.py -h.
Note that this script will not run openconnect, it will only print the command with the correct arguments to stdout.
Anybody wishing to recreate this functionality either manually or using another library can with the following steps:
Set-Cookie header that contains the DSID cookie. This is the authentication cookie used by Pulse Secure.openconnect using --protocol nc and -C 'DSID=<cookie-value>'. Note that some workflows may work with --protocol pulse, but at this time SAML-based logins do not.