A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0
1.29k
stars
149
forks
source link
Authentication not respecting default browser #423
Using the paid GUI version, authentication doesn't seem to respect default browser. It seems to switch back and forth between firefox and chrome - in my case chrome is the default browser.
Expected behavior
Should be using default web browser for authentication.
Environment:
OS: openSUSE Leap 15.6 x86_64
DE: Plasma 5.27.11
Logs
[2024-09-10T22:26:37Z INFO gpservice::cli] gpservice started: 2.3.3 (2024-06-23)
[2024-09-10T22:26:37Z INFO gpservice::ws_server] WS server listening on port: 35665
[2024-09-10T22:26:37Z INFO gpapi::process::gui_launcher] Version check passed: 2.3.3
[2024-09-10T22:26:37Z INFO gpapi::process::gui_launcher] Launching gpgui
[2024-09-10T22:26:37Z INFO gpgui::cli] gpgui started: 2.3.3 (2024-06-23)
[2024-09-10T22:26:37Z INFO gpgui::app] Setting the custom openssl conf path
(gpgui:2695): dbind-WARNING **: 07:56:37.701: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
[2024-09-10T22:26:37Z INFO gpgui::config::private_data] Loaded config from file
[2024-09-10T22:26:37Z INFO gpgui::app::app_initializer] App initialized
[2024-09-10T22:26:37Z INFO gpgui::ws_connector] Connecting to WS server
[2024-09-10T22:26:37Z INFO gpgui::ws_connector] Received ping
[2024-09-10T22:26:37Z INFO gpgui::ws_connector] Connected to WS server
[2024-09-10T22:26:37Z INFO gpservice::handlers] New client connected
[2024-09-10T22:26:37Z INFO gpservice::ws_server] Sending current VPN state to new client
** (gpgui:2695): WARNING **: 07:56:37.832: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
Could not determine the accessibility bus address
[2024-09-10T22:26:38Z INFO gpapi::utils::window] Window raised after 1 attempts
[2024-09-10T22:26:38Z INFO gpgui::handlers::subscription] Sending the init event to client: main
[2024-09-10T22:26:38Z INFO gpgui::handlers::subscription] Sent the init event to client: main
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Connecting to the portal: r**********z...
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Performing portal prelogin...
[2024-09-10T22:26:40Z INFO gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Authenticating portal...
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Launching SAML authentication...
[2024-09-10T22:26:40Z INFO gpgui::portal_connector] Waiting for the user to authenticate in the browser...
[2024-09-10T22:27:50Z INFO gpgui::portal_connector] Received gp callback from the browser
[2024-09-10T22:27:50Z INFO gpapi::auth] Parsing SAML auth data...
[2024-09-10T22:27:50Z INFO gpgui::portal_connector] Fetching the portal config...
[2024-09-10T22:27:50Z INFO gpapi::utils::window] Window raised after 1 attempts
[2024-09-10T22:27:50Z INFO gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-10T22:27:51Z INFO gpgui::portal_connector] Performing gateway login, gateway: r**********z...
[2024-09-10T22:27:51Z INFO gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO gpgui::portal_connector] Gateway login succeeded, gateway: r**********z
[2024-09-10T22:27:51Z INFO gpgui::portal_connector] Connecting to the gateway...
[2024-09-10T22:27:51Z INFO openconnect::ffi] openconnect version: v9.12
[2024-09-10T22:27:51Z INFO openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO openconnect::ffi] VPNC script: /etc/openconnect/vpnc-script
[2024-09-10T22:27:51Z INFO openconnect::ffi] OS: linux
[2024-09-10T22:27:51Z INFO openconnect::ffi] CSD_USER: 1000
[2024-09-10T22:27:51Z INFO openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-10T22:27:51Z INFO openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-10T22:27:51Z INFO openconnect::ffi] MTU: 0
[2024-09-10T22:27:51Z INFO openconnect::ffi] DISABLE_IPV6: 0
[2024-09-10T22:27:51Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-10T22:27:51Z INFO openconnect::ffi] Connected to [**********]:443
[2024-09-10T22:27:51Z INFO openconnect::ffi] SSL negotiation with [**********]
[2024-09-10T22:27:51Z INFO openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-09-10T22:27:51Z INFO openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-09-10T22:27:51Z INFO openconnect::ffi] Idle timeout is 30 minutes.
[2024-09-10T22:27:51Z WARN openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-10T22:27:51Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-10T22:27:51Z WARN openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 7ed09fb3a9de66961ad50a1cbec7c79b.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-10T22:27:51Z INFO openconnect::ffi] ESP session established with server
[2024-09-10T22:27:51Z INFO openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-10T22:27:53Z INFO openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-10T22:27:53Z INFO openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-09-10T22:27:53Z INFO gpgui::portal_connector] Connected to the gateway: r**********z
[2024-09-10T22:56:51Z INFO openconnect::ffi] GlobalProtect rekey due
[2024-09-10T22:56:51Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-10T22:56:51Z INFO openconnect::ffi] SSL negotiation with [**********]
[2024-09-10T22:56:51Z INFO openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-09-10T22:56:51Z INFO openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-09-10T22:56:51Z INFO openconnect::ffi] Idle timeout is 30 minutes.
[2024-09-10T22:56:51Z INFO openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-10T22:56:51Z INFO openconnect::ffi] ESP session established with server
[2024-09-10T22:56:51Z INFO openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-10T23:25:51Z INFO openconnect::ffi] GlobalProtect rekey due
Using the paid GUI version, authentication doesn't seem to respect default browser. It seems to switch back and forth between firefox and chrome - in my case chrome is the default browser.
Expected behavior Should be using default web browser for authentication.
Environment: OS: openSUSE Leap 15.6 x86_64 DE: Plasma 5.27.11
Logs