search

yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0
1.4k stars 157 forks source link

Got invalid auth data #441

Closed DavidPerezIngeniero closed 6 days ago

DavidPerezIngeniero commented 6 days ago

Describe the bug I used to connect with no issues. Maybe the server version of Globalprotect has changed. I can enter my user/password and the 6 digit code, but then it enters in an infinite loop.

Expected behavior I can connect like before

Logs

❯ sudo gpclient connect vpn-ext.groupfcc.com --as-gateway --hip
[2024-11-19T07:38:38Z INFO  gpclient::cli] gpclient started: 2.3.9 (2024-11-02)
[2024-11-19T07:38:38Z INFO  gpclient::connect] Treating the server as a gateway
[2024-11-19T07:38:38Z INFO  gpclient::connect] Performing the gateway authentication...
[2024-11-19T07:38:38Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-19T07:38:38Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-19T07:38:39Z INFO  gpauth::cli] gpauth started: 2.3.9 (2024-11-02)
[2024-11-19T07:38:39Z INFO  gpauth::auth_window] Open auth window, user_agent: PAN GlobalProtect

** (gpauth:162947): WARNING **: 08:38:39.965: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] Auth window user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=7**********x
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:40Z INFO  gpauth::auth_window] Raise window in 1 second(s)
[2024-11-19T07:38:41Z INFO  gpapi::utils::window] Window raised after 1 attempts
[2024-11-19T07:38:44Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=7**********x&client-request-id=6**********1
[2024-11-19T07:38:44Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:44Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:44Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:44Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:44Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:46Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=7**********x&client-request-id=6**********1
[2024-11-19T07:38:46Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:46Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:46Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:46Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:46Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:51Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=7**********x&client-request-id=6**********1
[2024-11-19T07:38:51Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:51Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:51Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:51Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:51Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:52Z WARN  gpauth::auth_window] Failed to load uri: https://v**********m/SAML20/SP/ACS with error: Solicitação de carregamento cancelada
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Found invalid SAML status: -1 in headers
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Found invalid auth data in headers, trying to read from body...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Found gpcallback from html...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Failed to read auth data from body: Invalid auth data
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Got invalid auth data, retrying...
[2024-11-19T07:38:52Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Loaded uri: globalprotectcallback:PGh0bWw+PCE**********=
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Injected loading element successfully
[2024-11-19T07:38:52Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********3&RelayState=A**********x
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:52Z WARN  gpauth::auth_window] Failed to load uri: https://v**********m/SAML20/SP/ACS with error: Solicitação de carregamento cancelada
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Found invalid SAML status: -1 in headers
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Found invalid auth data in headers, trying to read from body...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Found gpcallback from html...
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Failed to read auth data from body: Invalid auth data
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Got invalid auth data, retrying...
[2024-11-19T07:38:52Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Loaded uri: globalprotectcallback:PGh0bWw+PCE**********=
[2024-11-19T07:38:52Z INFO  gpauth::auth_window] Injected loading element successfully
[2024-11-19T07:38:52Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********G&RelayState=B**********x
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:53Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:54Z WARN  gpauth::auth_window] Failed to load uri: https://v**********m/SAML20/SP/ACS with error: Solicitação de carregamento cancelada
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Found invalid SAML status: -1 in headers
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Found invalid auth data in headers, trying to read from body...
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Loaded uri: globalprotectcallback:PGh0bWw+PCE**********=
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Found gpcallback from html...
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Failed to read auth data from body: Invalid auth data
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Got invalid auth data, retrying...
[2024-11-19T07:38:54Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-19T07:38:54Z INFO  gpauth::auth_window] Injected loading element successfully
[2024-11-19T07:38:54Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=C**********x
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:55Z WARN  gpauth::auth_window] Failed to load uri: https://v**********m/SAML20/SP/ACS with error: Solicitação de carregamento cancelada
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Found invalid SAML status: -1 in headers
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Found invalid auth data in headers, trying to read from body...
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Loaded uri: globalprotectcallback:PGh0bWw+PCE**********=
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Found gpcallback from html...
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Failed to read auth data from body: Invalid auth data
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Got invalid auth data, retrying...
[2024-11-19T07:38:55Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-19T07:38:55Z INFO  gpauth::auth_window] Injected loading element successfully
[2024-11-19T07:38:55Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=D**********x
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:56Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint
[2024-11-19T07:38:57Z WARN  gpauth::auth_window] Failed to load uri: https://v**********m/SAML20/SP/ACS with error: Solicitação de carregamento cancelada
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Loaded uri: https://v**********m/SAML20/SP/ACS
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Found invalid SAML status: -1 in headers
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Found invalid auth data in headers, trying to read from body...
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Loaded uri: globalprotectcallback:PGh0bWw+PCE**********=
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Found gpcallback from html...
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Failed to read auth data from body: Invalid auth data
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Got invalid auth data, retrying...
[2024-11-19T07:38:57Z INFO  gpapi::portal::prelogin] Gateway prelogin with user_agent: PAN GlobalProtect
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Injected loading element successfully
[2024-11-19T07:38:57Z INFO  gpapi::portal::prelogin] Perform prelogin, user_agent: PAN GlobalProtect
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Load the SAML request as URI...
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Loaded uri: https://a**********m/adfs/ls/?SAMLRequest=j**********%3D&RelayState=E**********x
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Trying to read auth data from response headers...
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] No saml-auth-status header found
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] No auth data found in headers, trying to read from body...
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] Failed to read auth data from body: No auth data found
[2024-11-19T07:38:57Z INFO  gpauth::auth_window] No auth data found, it may not be the /SAML20/SP/ACS endpoint

Environment:

DavidPerezIngeniero commented 6 days ago

Solved by some action taken on the server level.