collective/nu-vpn-proxy
17
0
Fork 0
Code
52 Commits 1 Branch 0 Tags 198 KiB
master
Commit Graph

21 Commits

Author SHA1 Message Date
Benjamin Mako Hill
5d9f17d8ee updated with the new version of gp-saml-gui (from upstream) 2025-03-09 23:10:06 -07:00
Benjamin Mako Hill
2970f2c702 updated to new version fo gp-saml-gui and new api 
Apparently new versions of GP hav changed the SAML API some. The
openconnect command now requires --gateway so this has been added.

I haven't tested the general and http scripts but I assume they
work. Someone else should verify.
 2023-06-28 12:42:28 -07:00
Benjamin Mako Hill
ce4ad0575b disable IPv6 (it doesn't seem to work) 2020-11-19 17:39:48 -08:00
Daniel Lenski
6133ffeb7a use either PyGObject (import gi, maintained) or pgi (import pgi, old/unmaintained) 
ping #7
 2020-03-29 09:54:24 -07:00
Daniel Lenski
6ee0c49794 I swear I know how to write Python 🤦🏻‍♂ 2020-03-23 15:18:36 -07:00
Daniel Lenski
f381399b8f we have reports of prelogin-cookie used for portal login; don't do interface switcheroo by default, just mention it 2020-03-23 12:58:17 -07:00
Daniel Lenski
dc4665ee97 make verbose=1 the default, add -q/--quiet to suppress it 2020-03-23 12:58:17 -07:00
Daniel Lenski
66438abc7c include clientos in output command-lines and environment variables 2020-03-23 12:58:17 -07:00
Daniel Lenski
6bbbe47904 fix too-hurried ambiguity warnings, fix b64 encoding for SAML REDIRECT too 2020-03-23 12:32:39 -07:00
Daniel Lenski
2cf05074cc include clientos in prelogin.esp parameters (ping #6) 
Apparently, it affects whether the prelogin.esp response contains SAML tags
in some cases.
(see https://github.com/dlenski/gp-saml-gui/issues/6#issuecomment-599743060)

This fits in with a long line of mystifying issues caused by GlobalProtect servers
silently handling different `clientos` values in stupidly different ways.
(see https://gitlab.com/openconnect/openconnect/-/merge_requests/17)
 2020-03-17 15:55:21 -07:00
Daniel Lenski
3e09aecfec clarify ambiguities in destination, slightly better error messages 2020-03-13 10:54:42 -07:00
Daniel Lenski
8ca97e5bdb assume server from which we received SAML results is the right one for final GP authentication 
Should fix https://gitlab.com/openconnect/openconnect/issues/97

In particular: https://gitlab.com/openconnect/openconnect/issues/97#note_276932462
 2020-01-25 17:15:01 -08:00
Daniel Lenski
ef2bfa6b56 extensive cleanup, more logging 2020-01-25 16:55:45 -08:00
Daniel Lenski
dae4360c38 better SSL error handling (especially, distinguish cert from non-cert errors) 2020-01-24 00:19:05 -08:00
Daniel Lenski
10e4628f35 should use shlex.quote() instead of repr() 2020-01-24 00:17:02 -08:00
Daniel Lenski
2cbd24046b pass along --no-verify flag to WebKit2 GUI (ping #5) 2019-11-25 13:06:25 -08:00
Daniel Lenski
f923c1247c SAML auth isn't done until we've gotten the username and cookie headers specifically (ping #2) 2019-09-19 14:02:42 -07:00
Daniel Lenski
ff4d825290 add --external and --uri for convenient debugging/futzing purposes 2019-09-17 10:51:50 -07:00
Daniel Lenski
f429acaa10 log other resources loaded when verbosity > 1 (e.g. -vv flag) 2019-09-16 21:23:40 -07:00
Daniel Lenski
d30ca2c960 persist cookies 2019-09-16 19:57:48 -07:00
Daniel Lenski
4e5cd24588 initial commit 2019-09-16 19:57:48 -07:00