The intention is to split the SAML auth (that does not need admin rights) and openconnect invocation (that needs admin rights).
The openconnect invocation can be offloaded to a perpetual running priviledged daemon or a windows service.
The python application will import openconnect_sso and get the auth information. (Similar to openconnect-sso --authenticate=json output)
This auth info will then be conveyed to the privileged daemon/service that will launch the openconnect binary.
This mimics the Cisco anyconnect application's behavior, without the idiocies of the Cisco app.
I tried using openconnect-sso --authenticate=json, but it also puts a lot of debug logs (mainly from webengine_process.py) on stdout and the auth json also on stdout, which is an unnecessary hassle to separate.
Since openconnect-sso is written in python, the ability to import it as a module is more pythonic way to do this, IMO.
The intention is to split the SAML auth (that does not need admin rights) and openconnect invocation (that needs admin rights).
The openconnect invocation can be offloaded to a perpetual running priviledged daemon or a windows service.
The python application will import openconnect_sso and get the auth information. (Similar to
openconnect-sso --authenticate=jsonoutput) This auth info will then be conveyed to the privileged daemon/service that will launch the openconnect binary.This mimics the Cisco anyconnect application's behavior, without the idiocies of the Cisco app.
I tried using
openconnect-sso --authenticate=json, but it also puts a lot of debug logs (mainly from webengine_process.py) on stdout and the auth json also on stdout, which is an unnecessary hassle to separate.Since openconnect-sso is written in python, the ability to import it as a module is more pythonic way to do this, IMO.