https://bugs.kde.org/show_bug.cgi?id=444500
Bug ID: 444500 Summary: GlobalProtect SAML request/response ignored Product: plasma-nm Version: 5.22.5 Platform: Fedora RPMs OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: jgrul...@redhat.com Reporter: jdbar...@isi.edu Target Milestone: --- SUMMARY Globalprotect servers that ask for SAML login do not interactively request additional information. STEPS TO REPRODUCE 1. Create connection with openconnect gp plugin for server that requires a SAML auth 2. Attempt connect 3. Authentication always fails because SAML requests appear to be ignored OBSERVED RESULT POST https://vpn.host.net/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux Attempting to connect to server ip.v4.host.addr:443 Connected to ip.v4.host.addr:443 SSL negotiation with vpn.host.net Connected to HTTPS on vpn.host.net with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM) Got HTTP response: HTTP/1.1 200 OK Date: Fri, 15 Oct 2021 21:17:58 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 2104 Connection: keep-alive ETag: "167860b854d7" Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT X-FRAME-OPTIONS: DENY Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; path=/; secure; httponly Set-Cookie: PHPSESSID=e39b5e7553f960ebf2f91de23ff3bc5d; secure; HttpOnly Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (2104) SAML POST authentication is required via external script. When SAML authentication is complete, specify destination form field by appending :field_name to login URL. Failed to parse server response Response was:<?xml version="1.0" encoding="UTF-8" ?> <prelogin-response> <status>Success</status> <ccusername></ccusername> <autosubmit>false</autosubmit> <msg></msg> <newmsg></newmsg> <authentication-message>login through Okta</authentication-message> <username-label>Username</username-label> <password-label>Password</password-label> <panos-version>1</panos-version> <saml-default-browser>yes</saml-default-browser><saml-auth-status>0</saml-auth-status> <saml-auth-method>POST</saml-auth-method> <saml-request-timeout>600</saml-request-timeout> <saml-request-id>0</saml-request-id><saml-request>PG... ... very long stuff ... ...DQo=</saml-request><region>US</region> </prelogin-response> EXPECTED RESULT SOFTWARE/OS VERSIONS Windows: macOS: Linux/KDE Plasma: (available in About System) KDE Plasma Version: KDE Frameworks Version: Qt Version: ADDITIONAL INFORMATION -- You are receiving this mail because: You are watching all bug changes.