Hi Daniel,

A great thanks for your help and time.

> I assume you're the same person who started this thread, asking for
> help getting gp-saml-gui working?
> https://gitlab.com/openconnect/openconnect/-/issues/53#note_766233185

Yes I am. I tried to deploy gp-saml-gui, but I think there's something with my VM that keeps it from being installed properly. I will give it a deeper try when I have more bandwidth.

> Exactly what are you trying to do or illustrate here? I *think* that
> what you are doing is trying to "manually" follow the SAML login
> behavior since you can't use gp-saml-gui to automate it…

That's right! I'm hoping that going through the manual step-by-step SAML authentication, if it works, would allow me to work while searching for a solution to deploy gp-saml-gui.

I just tried your recommendation with the following commands:

First:

openconnect --protocol=gp --usergroup=gateway--user=91000318@CORP --os=win --passwd-on-stdin fr.ras.biomerieux.com -vvv --verbose

Then:

openconnect --protocol=gp --usergroup=gateway:prelogin-cookie --user=91000318@CORP --os=win --passwd-on-stdin --cookie-on-stdin fr.ras.biomerieux.com -vvv --verbose

And I have the same error with the new syntax --os=win:

______________________________________________________________________________________________________

C:\Program Files (x86)\OpenConnect>openconnect --protocol=gp --usergroup=gateway--user=91000318@CORP --os=win --passwd-on-stdin fr.ras.biomerieux.com -vvv --verbose
PASSWORD
POST https://fr.ras.biomerieux.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
Attempting to connect to server 193.240.245.231:443
Connected to 193.240.245.231:443
SSL negotiation with fr.ras.biomerieux.com
Connected to HTTPS on fr.ras.biomerieux.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Sat, 18 Dec 2021 16:27:25 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 1891
Connection: keep-alive
ETag: "15615f6b6d78"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; path=/; secure; httponly
Set-Cookie: PHPSESSID=b80ef8876a2488ad88677c021954a344; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (1891)
SAML REDIRECT authentication is required via
https://auth.biomerieux.com/adfs/ls/?SAMLRequest=lZFBb4JAEIX%2FCtm7rKygMgESqoea2JQI7aGXZsGxbgK7dmdp%2FPlFbVPbg0mPk3nz5s03CcmuPUDeu73e4HuP5Lxj12qCcyNlvdVgJCkCLTskcA2U%2BcMahD%2BGgzXONKZlXk6E1imjF0ZT36Et0X6oBp8265TtnTsQcL6zvpXk18oMAoX90W9MB2E44SdHMeZlwfNFybzlkEJpefL7mZZDxD%2BzXG53xFvizFstU%2FYaTpqtnIowjuuojmdiHkQyxlm8C4MoRpSDjKjHlSYntUuZGItgFIhRMK%2BCKYgZiOiFecXXVXdKb5V%2Bu42gvogI7quqGBWPZcW8Z7R0jj4IWJacQMJ5sb1Ce9tWfvNk2T%2FoJfxqV3apfv82%2BwQ%3D&RelayState=FIdmABd8MWBiODBlZjg4NzZhMjQ4OGFkODg2NzdjMDIxOTU0YTM0NA%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ZRR6mjDrSS8JjcW3VDnUKUGgXZVhbxpzpD6KMPvWBphCHvVet2Zqxn7p2FEVJnp6II4jf%2BOOYz%2FuUTgtYgb5IWqvEu2lREDLmxHvdYN2umofzP8aUhCP3d1qvrx6T3q%2Fdn9KgJsDKP585b2GqzLJN4BFOSEDz8X4EZMwf6Nkj%2B0GstpagWn73PZY4ISuy2%2FrEkUtOOKPPlhcN%2BdUk0S4slVVizVk6PtQDXFoAUeNIN5opBLHM%2BVQ8dvo1VYP7zKPdOmDBK3diQP0QJ1uCkFwY%2FwYKiRMxAEx2X0vBqpoliZdv6tG%2BJdpQ6mgeX9LSd5MTxeKv0osVqtb1%2ByzMTXtqw%3D%3D When SAML authentication is complete, specify destination form field by appending :field_name to login URL. 
Failed to complete authentication

C:\Program Files (x86)\OpenConnect>openconnect --protocol=gp --usergroup=gateway:prelogin-cookie --user=91000318@CORP --os=win --passwd-on-stdin --cookie-on-stdin fr.ras.biomerieux.com -vvv --verbose
PASSWORD
Q07i/ONBL3Jr1j5bmHW+IsPc/q8sjB+vx4YZlCGH4G0R+pUaZLJjm8pdZczdORZl
POST https://fr.ras.biomerieux.com/ssl-vpn/getconfig.esp
Attempting to connect to server 193.240.245.231:443
Connected to 193.240.245.231:443
SSL negotiation with fr.ras.biomerieux.com
Connected to HTTPS on fr.ras.biomerieux.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Sat, 18 Dec 2021 16:30:05 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 29
Connection: keep-alive
ETag: "1f35f6b6d78"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=e0e9f705ef60e6cf72e65b89fd5e7bb6; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (29)
Failed to parse server response
Response was: errors getting SSL/VPN config
Creating SSL connection failed
Cookie was rejected by server; exiting.

______________________________________________________________________________________________________

Just before running the commands, being unaware of how x86/x64 works on ARM, I reinstalled OpenConnect in the "Program Files (x86)" directory. Last time I performed the installation on the 32-bit installer, it went directly to Program Files directory by default. Plus, during the installation process (both the first and the second time I installed it), TAP drivers failed to install. Can it be related to my errors?

My next actions tonight:

1. Try to force-install TAP drivers
2. Try to use Wireshark to have a look at the XML server response

Thank you.

On Fri, Dec 17, 2021 at 18:12, Daniel Lenski <dlen...@gmail.com> wrote:
>
> On Tue, Dec 14, 2021 at 10:08 PM Daniel Lenski <dlen...@gmail.com> wrote:
> >
> > What you've specified, `--os=windows`, is not a value that OpenConnect
> > understands; per the manual,
> > (https://www.infradead.org/openconnect/manual.html), `--os=win` is the
> > legal value. Does that work?
> >
>
> Have you had a chance to test this? Does it make a difference?
>
> Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel