search

yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0
1.29k stars 149 forks source link

Authentication not respecting default browser #423

Open avfxtd opened 5 days ago

avfxtd commented 5 days ago

Using the paid GUI version, authentication doesn't seem to respect default browser. It seems to switch back and forth between firefox and chrome - in my case chrome is the default browser.

Expected behavior Should be using default web browser for authentication.

Environment: OS: openSUSE Leap 15.6 x86_64 DE: Plasma 5.27.11

Logs

[2024-09-10T22:26:37Z INFO  gpservice::cli] gpservice started: 2.3.3 (2024-06-23)
[2024-09-10T22:26:37Z INFO  gpservice::ws_server] WS server listening on port: 35665
[2024-09-10T22:26:37Z INFO  gpapi::process::gui_launcher] Version check passed: 2.3.3
[2024-09-10T22:26:37Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-09-10T22:26:37Z INFO  gpgui::cli] gpgui started: 2.3.3 (2024-06-23)
[2024-09-10T22:26:37Z INFO  gpgui::app] Setting the custom openssl conf path

(gpgui:2695): dbind-WARNING **: 07:56:37.701: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
[2024-09-10T22:26:37Z INFO  gpgui::config::private_data] Loaded config from file
[2024-09-10T22:26:37Z INFO  gpgui::app::app_initializer] App initialized
[2024-09-10T22:26:37Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-09-10T22:26:37Z INFO  gpgui::ws_connector] Received ping
[2024-09-10T22:26:37Z INFO  gpgui::ws_connector] Connected to WS server
[2024-09-10T22:26:37Z INFO  gpservice::handlers] New client connected
[2024-09-10T22:26:37Z INFO  gpservice::ws_server] Sending current VPN state to new client

** (gpgui:2695): WARNING **: 07:56:37.832: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
Could not determine the accessibility bus address
[2024-09-10T22:26:38Z INFO  gpapi::utils::window] Window raised after 1 attempts
[2024-09-10T22:26:38Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-09-10T22:26:38Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Connecting to the portal: r**********z...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-10T22:26:40Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Launching SAML authentication...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Waiting for the user to authenticate in the browser...
[2024-09-10T22:27:50Z INFO  gpgui::portal_connector] Received gp callback from the browser
[2024-09-10T22:27:50Z INFO  gpapi::auth] Parsing SAML auth data...
[2024-09-10T22:27:50Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-10T22:27:50Z INFO  gpapi::utils::window] Window raised after 1 attempts
[2024-09-10T22:27:50Z INFO  gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Performing gateway login, gateway: r**********z...
[2024-09-10T22:27:51Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: r**********z
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-09-10T22:27:51Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-09-10T22:27:51Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO  openconnect::ffi] VPNC script: /etc/openconnect/vpnc-script
[2024-09-10T22:27:51Z INFO  openconnect::ffi] OS: linux
[2024-09-10T22:27:51Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-10T22:27:51Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-10T22:27:51Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-10T22:27:51Z INFO  openconnect::ffi] MTU: 0
[2024-09-10T22:27:51Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-09-10T22:27:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-09-10T22:27:51Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Idle timeout is 30 minutes.
[2024-09-10T22:27:51Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-10T22:27:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-10T22:27:51Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 7ed09fb3a9de66961ad50a1cbec7c79b.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-10T22:27:51Z INFO  openconnect::ffi] ESP session established with server
[2024-09-10T22:27:51Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-10T22:27:53Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-10T22:27:53Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-09-10T22:27:53Z INFO  gpgui::portal_connector] Connected to the gateway: r**********z
[2024-09-10T22:56:51Z INFO  openconnect::ffi] GlobalProtect rekey due
[2024-09-10T22:56:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-10T22:56:51Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-10T22:56:51Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-09-10T22:56:51Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-09-10T22:56:51Z INFO  openconnect::ffi] Idle timeout is 30 minutes.
[2024-09-10T22:56:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-10T22:56:51Z INFO  openconnect::ffi] ESP session established with server
[2024-09-10T22:56:51Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-10T23:25:51Z INFO  openconnect::ffi] GlobalProtect rekey due
yuezk commented 5 days ago

Thanks for the feedback, I will enhance it. Related: https://github.com/yuezk/GlobalProtect-openconnect/issues/416