Comments (6)
I currently don't have access to enable SMS verification in my OKTA and therefore it's hard to answer and code the solution. Will try to think of something.
from pan-globalprotect-okta.
Ok, I resolved the issue of access to SMS factor. Will try to figure out work-flow and implement it.
from pan-globalprotect-okta.
@ffainelli I've implemented SMS verification. To use it, add `sms.okta = 1` in Your configuration file, before `totp.xxx` lines (it defines priority).
I made a successful connection with SMS verification, but, please, test it and give feedback.
from pan-globalprotect-okta.
@arthepsy thanks, this works great, now I am back to where I was before with the following:
# mfa.response:
200
{"expiresAt":"2019-01-23T04:46:28.000Z","status":"SUCCESS","sessionToken":"20111tQ3vqjgLMGq7GDAmz3U6w-Q65xM-yghBnnAStRvo_zEmpE4GLl","_embedded":{"user":{"id":"00u40napl4brrxRCi0x7","profile":{"login":"[email protected]","firstName":"Florian","lastName":"Fainelli","locale":"en","timeZone":"America/Los_Angeles"}}}}
---
[INFO] sessionToken: 20111tQ3vqjgLMGq7GDAmz3U6w-Q65xM-yghBnnAStRvo_zEmpE4GLl
[INFO] okta redirect request
# redirect.response:
200
<!DOCTYPE html>
<!--[if IE 7]><html class="lt-ie10 lt-ie9 lt-ie8"><![endif]-->
<!--[if IE 8]><html class="lt-ie10 lt-ie9"> <![endif]-->
<!--[if IE 9]><html class="lt-ie10"><![endif]-->
<!--[if gt IE 9]><html><![endif]-->
<!--[if !IE]><!--><html><!--<![endif]-->
<head>
<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>
<title>Company Inc. - Extra Verification</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="robots" content="none" />
<link href="https://company.okta.com/assets/loginpage/css/okta-login-page.min.c2335d687406691ab0663072de302c86.css" type="text/css" rel="stylesheet"/><script>
var okta = {
locale: 'en',
deployEnv: 'PROD'
};
</script>
<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = ""; okta.cdnPerformCheck = true; okta.cdnPerformCheckHostname = "//ok6static.oktacdn.com";</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {"_DEFAULT":1.0};</script><script>if (window.module) module = window.module;</script>
</head>
<body class="auth okta-container">
<!--[if gte IE 8]>
<![if lte IE 9]>
<style>
.unsupported-browser-banner-wrap {
padding: 20px;
border: 1px solid #ddd;
background-color: #f3fbff;
}
.unsupported-browser-banner-inner {
position: relative;
width: 735px;
margin: 0 auto;
text-align: left;
}
.unsupported-browser-banner-inner .icon {
vertical-align: top;
margin-right: 20px;
display: inline-block;
position: static !important;
}
.unsupported-browser-banner-inner a {
text-decoration: underline;
}
</style>
<div class="unsupported-browser-banner-wrap">
<div class="unsupported-browser-banner-inner">
<span class="icon icon-16 icon-only warning-16-yellow"></span>You are using an unsupported browser. For the best experience, update to <a href="https://support.okta.com/help/articles/Knowledge_Article/24532952-Platforms---Browser-and-OS-Support">a supported browser</a>.</div>
</div>
<![endif]>
<![endif]-->
<!--[if IE 8]> <div id="login-bg-image-ie8" class="login-bg-image" data-se="login-bg-image"></div> <![endif]-->
<!--[if (gt IE 8)|!(IE)]><!--> <div id="login-bg-image" class="login-bg-image" data-se="login-bg-image"></div> <!--<![endif]-->
<!-- hidden form for reposting fromURI for X509 auth -->
<form action="/login/cert" method="post" id="x509_login" name="x509_login" style="display:none;">
<input type="hidden" class="hide" name="_xsrfToken" value="d8da98c20e4a639dcb544261167c29e6672283c768b63a54d528b7343e723d5f"/><input type="hidden" id="fromURI" name="fromURI" class="hidden" value="/app/panw_globalprotect/exk2jo2uafxlvaNue2p7/sso/saml?SAMLRequest=[base64 SAMLRequest removed]&RelayState=[removed]&OKTA_INVALID_SESSION_REPOST=true&fromLoginToken=[removed]"/>
</form>
<div class="content">
<div class="applogin-banner">
<div class="applogin-background"></div>
<div class="applogin-container">
<h1>
Connecting to<div class="applogin-app-logo">
<img src="https://company.okta.com/bc/globalFileStoreRecord?id=gfs2aomnpmwwyiQMu2p7" alt="GP VPN - LVN (Hidden)" class="logo panw_globalprotect"/></div>
</h1>
<p>Sign-in with your Company Inc. account to access GP VPN - LVN (Hidden)</p>
</div>
</div>
<style type="text/css">
.noscript-msg {
background-color: #fff;
border-color: #ddd #ddd #d8d8d8;
box-shadow:0 2px 0 rgba(175, 175, 175, 0.12);
text-align: center;
width: 398px;
min-width: 300px;
margin: 200px auto;
border-radius: 3px;
border-width: 1px;
border-style: solid;
}
.noscript-content {
padding: 42px;
}
.noscript-content h2 {
padding-bottom: 20px;
}
.noscript-content h1 {
padding-bottom: 25px;
}
.noscript-content a {
background: transparent;
box-shadow: none;
display: table-cell;
vertical-align: middle;
width: 314px;
height: 50px;
line-height: 36px;
color: #fff;
background: linear-gradient(#007dc1, #0073b2), #007dc1;
border: 1px solid;
border-color: #004b75;
border-bottom-color: #00456a;
box-shadow: rgba(0, 0, 0, 0.15) 0 1px 0, rgba(255, 255, 255, 0.1) 0 1px 0 0 inset;
-webkit-border-radius: 3px;
border-radius: 3px;
}
.noscript-content a:hover {
background: #007dc1;
cursor: hand;
text-decoration: none;
}
</style>
<noscript>
<div id="noscript-msg" class="noscript-msg">
<div class="noscript-content">
<h2>Javascript is required</h2>
<h1>Javascript is disabled on your browser. Please enable Javascript and refresh this page.</h1>
<a href=".">Refresh</a>
</div>
</div>
</noscript>
<div id="signin-container"></div>
<div id="okta-sign-in" class="auth-container main-container" style="display:none">
<div id="unsupported-onedrive" class="unsupported-message" style="display:none">
<h2 class="o-form-head">Your OneDrive version is not supported</h2>
<p>Upgrade now by installing the OneDrive for Business Next Generation Sync Client to login to Okta</p>
<a class="button button-primary" target="_blank" href="https://support.okta.com/help/articles/Knowledge_Article/Upgrading-to-OneDrive-for-Business-Next-Generation-Sync-Client">
Learn how to upgrade</a>
</div>
<div id="unsupported-cookie" class="unsupported-message" style="display:none">
<h2 class="o-form-head">Cookies are required</h2>
<p>Cookies are disabled on your browser. Please enable Cookies and refresh this page.</p>
<a class="button button-primary" target="_blank" href=".">
Refresh</a>
</div>
</div>
</div>
<div class="footer">
<div class="footer-container clearfix">
<p class="copyright">Powered by <a href="http://www.okta.com/" class="inline-block notranslate">Okta</a></p>
<p class="privacy-policy"><a href="/privacy" target="_blank" class="inline-block margin-l-10">Privacy Policy</a></p>
</div>
</div>
<script type="text/javascript">function runLoginPage (fn) {var mainScript = document.createElement('script');mainScript.src = 'https://company.okta.com/assets/js/mvc/loginpage/initLoginPage.pack.28480ea192eb1871ce16e253fbd87728.js?v=1';document.getElementsByTagName('head')[0].appendChild(mainScript);fn && mainScript.addEventListener('load', function () { setTimeout(fn, 1) });}</script><script type="text/javascript">
(function(){
var baseUrl = 'https\x3A\x2F\x2Fcompany.okta.com';
var suppliedRedirectUri = '';
var repost = true;
var stateToken = '00atCW5r3LY0XKIs\x2D9fCclZNcinELsTZXtFcrDKB23';
var fromUri = '\x2Fapp\x2Fpanw_globalprotect\x2Fexk2jo2uafxlvaNue2p7\x2Fsso\x2Fsaml\x3FSAMLRequest\x3D[base64 SAMLRequest removed]\x26RelayState\x3D[removed]\x26OKTA_INVALID_SESSION_REPOST\x3Dtrue\x26fromLoginToken\x3D[removed]';
var username = '';
var rememberMe = true;
var smsRecovery = true;
var callRecovery = false;
var emailRecovery = true;
var usernameLabel = 'Username';
var usernameInlineLabel = 'Your\x20Company\x20Inc.\x20AD\x2FNT\x20account';
var passwordLabel = 'Password';
var passwordInlineLabel = 'Your\x20Company\x20Inc.\x20AD\x2FNT\x20password';
var signinLabel = 'Accept\x20Company\x20Inc.\x20Terms\x20\x26\x20Conditions';
var forgotpasswordLabel = 'Forgot\x20password\x3F';
var unlockaccountLabel = 'Unlock\x20account\x3F';
var helpLabel = 'Help';
var orgSupportPhoneNumber = '';
var hideSignOutForMFA = true;
var loginPageUrlRedirect = '';
var enableUrlFixForEmbeddedBrowsers = false;
var footerHelpTitle = 'Need\x20help\x20signing\x20in\x3F';
var recoveryFlowPlaceholder = 'Email\x20or\x20Username';
var signOutUrl = '';
var authScheme = 'OAUTH2';
var securityImage = true;
var windowsVerify = false;
windowsVerify = true;
var selfServiceUnlock = false;
selfServiceUnlock = true;
var preventBrowserFromSavingOktaPassword = false;
var enableMixpanelTracking = false;
var autoPush = false;
autoPush = true;
var publishToAccountChooser = false;
var accountChooserDiscoveryUrl = null;
publishToAccountChooser = true;
accountChooserDiscoveryUrl = 'https://login.okta.com/discovery/iframe.html';
// In case of custom app login, the uri is already absolute, so we must not attach baseUrl
var redirectUri;
if (isAbsoluteUri(fromUri)) {
redirectUri = fromUri;
} else {
redirectUri = baseUrl + fromUri;
}
var customButtons;
var customLinks = [];
customLinks.push({
text: 'Terms\x20and\x20Conditions',
href: 'https\x3A\x2F\x2Fmyportal.company.com\x2Fweb\x2Femployees\x2Fterms\x2Dconditions'
});
var linkParams;
var idpDiscovery;
var idpDiscoveryRequestContext;
var hasPasswordlessPolicy = false;
var showPasswordToggleOnSignInPage = false;
var hasOAuth2ConsentFeature = false;
var consentFunc;
var hasMfaAttestationFeature = false;
var registration = false;
var webauthn = false;
var loginPageConfig = {
fromUri: fromUri,
repost: repost,
redirectUri: redirectUri,
isMobileClientLogin: false,
isMobileSSO: false,
linkParams: linkParams,
hasChromeOSFeature: false,
showLinkToAppStore: false,
publishToAccountChooser: publishToAccountChooser,
accountChooserDiscoveryUrl: accountChooserDiscoveryUrl,
preventBrowserFromSavingOktaPassword: preventBrowserFromSavingOktaPassword,
enableMixpanelTracking: enableMixpanelTracking,
enableUrlFixForEmbeddedBrowsers: enableUrlFixForEmbeddedBrowsers,
loginPageUrlRedirect: loginPageUrlRedirect,
mfaAttestation: hasMfaAttestationFeature,
signIn: {
el: '#signin-container',
baseUrl: baseUrl,
logo: 'https://company.okta.com/bc/image/fileStoreRecord?id=fs09tph49bX08lpVi0x7',
logoText: 'Company\x20Inc.',
helpSupportNumber: orgSupportPhoneNumber,
stateToken: stateToken,
username: username,
signOutLink: signOutUrl,
consent: consentFunc,
authScheme: authScheme,
relayState: fromUri,
idpDiscovery: {
requestContext: idpDiscoveryRequestContext
},
features: {
router: true,
securityImage: securityImage,
rememberMe: rememberMe,
autoPush: autoPush,
webauthn: webauthn,
smsRecovery: smsRecovery,
callRecovery: callRecovery,
emailRecovery: emailRecovery,
windowsVerify: windowsVerify,
selfServiceUnlock: selfServiceUnlock,
multiOptionalFactorEnroll: true,
deviceFingerprinting: true,
trackTypingPattern: false,
hideSignOutLinkInMFA: hideSignOutForMFA,
customExpiredPassword: true,
idpDiscovery: idpDiscovery,
passwordlessAuth: hasPasswordlessPolicy,
consent: hasOAuth2ConsentFeature,
showPasswordToggleOnSignInPage: showPasswordToggleOnSignInPage,
registration: registration
},
assets: {
baseUrl: okta.cdnUrlHostname + '/assets/js/mvc/loginpage/i18n'
},
language: okta.locale,
i18n: {},
customButtons: customButtons,
helpLinks: {
help: 'https\x3A\x2F\x2Fcompanyprd.service\x2Dnow.com\x2Fsp',
forgotPassword: '',
unlock: '',
custom: customLinks
}
}
};
loginPageConfig.signIn.i18n[okta.locale] = {
'primaryauth.username.placeholder': usernameLabel,
'primaryauth.username.tooltip': usernameInlineLabel,
'primaryauth.password.placeholder': passwordLabel,
'primaryauth.password.tooltip': passwordInlineLabel,
'primaryauth.title': signinLabel,
'forgotpassword': forgotpasswordLabel,
'unlockaccount': unlockaccountLabel,
'help': helpLabel,
'needhelp': footerHelpTitle,
'password.forgot.email.or.username.placeholder': recoveryFlowPlaceholder,
'password.forgot.email.or.username.tooltip': recoveryFlowPlaceholder,
'account.unlock.email.or.username.placeholder': recoveryFlowPlaceholder,
'account.unlock.email.or.username.tooltip': recoveryFlowPlaceholder
};
function isOldWebBrowserControl() {
// We no longer support IE7. If we see the MSIE 7.0 browser mode, it's a good signal
// that we're in a windows embedded browser.
if (navigator.userAgent.indexOf('MSIE 7.0') === -1) {
return false;
}
// Because the userAgent is the same across embedded browsers, we use feature
// detection to see if we're running on older versions that do not support updating
// the documentMode via x-ua-compatible.
return document.all && !window.atob;
}
function isAbsoluteUri(uri) {
var pat = /^https?:\/\//i;
return pat.test(uri);
}
var unsupportedContainer = document.getElementById('okta-sign-in');
// Old versions of WebBrowser Controls (specifically, OneDrive) render in IE7 browser
// mode, with no way to override the documentMode. In this case, inform the user they need
// to upgrade.
if (isOldWebBrowserControl()) {
document.getElementById('unsupported-onedrive').removeAttribute('style');
unsupportedContainer.removeAttribute('style');
}
else if (!navigator.cookieEnabled) {
document.getElementById('unsupported-cookie').removeAttribute('style');
unsupportedContainer.removeAttribute('style');
}
else {
unsupportedContainer.parentNode.removeChild(unsupportedContainer);
runLoginPage(function () {
OktaLogin.initLoginPage(loginPageConfig);
});
}
}());
</script>
<script>
window.addEventListener('load', function(event) {
function applyStyle(id, style) {
if (style) {
var el = document.getElementById(id);
if (el) {
el.setAttribute('style', style);
}
}
}
applyStyle('login-bg-image', "background-image: url('https://company.okta.com/bc/fileStoreRecord?id=fs0cbourux0RANRj00x7')");
applyStyle('login-bg-image-ie8', "filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='https://company.okta.com/bc/fileStoreRecord?id=fs0cbourux0RANRj00x7', sizingMethod='scale')");
});
</script>
</body>
</html>
---
[INFO] okta redirect form request
Traceback (most recent call last):
File "./gp-okta.py", line 424, in <module>
main()
File "./gp-okta.py", line 387, in main
saml_username, prelogin_cookie = okta_redirect(conf, s, token, redirect_url)
File "./gp-okta.py", line 331, in okta_redirect
r = s.post(url, data=data)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 567, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 506, in request
prep = self.prepare_request(req)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 449, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 305, in prepare
self.prepare_url(url, params)
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 379, in prepare_url
raise MissingSchema(error)
requests.exceptions.MissingSchema: Invalid URL '/login/cert': No schema supplied. Perhaps you meant http:///login/cert?
zsh: exit 1 ./gp-okta.py gp-okta.conf
from pan-globalprotect-okta.
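The traceback above ends in `MissingSchema` because the `action` of the hidden `x509_login` form (`/login/cert`) was handed to `requests` as if it were a full URL, and the page that came back was a sign-in page ("Extra Verification"), not a SAML reply. The following is an added example, not code from `gp-okta.py`: it resolves each form action against the response URL and only returns a POST target when the form actually carries a `SAMLResponse` field. The sample pages, `RESPONSE_URL`, `ACS_URL` and the function names are constructed for illustration (Python 3, standard library only).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed samples, not captured traffic; both URLs are hypothetical.
RESPONSE_URL = "https://company.okta.com/app/panw_globalprotect/sso/saml"
ACS_URL = "https://vpn.example.com/SAML20/SP/ACS"

# Same shape as the page in the log: a sign-in page with a hidden X.509 form.
LOGIN_PAGE = """<html><body>
<form action="/login/cert" method="post" id="x509_login" style="display:none;">
<input type="hidden" name="_xsrfToken" value="constructed"/>
<input type="hidden" id="fromURI" name="fromURI" value="/app/x/sso/saml"/>
</form><div id="signin-container"></div></body></html>"""

# What a completed sign-in returns under the SAML HTTP-POST binding.
SAML_PAGE = """<html><body onload="document.forms[0].submit()">
<form method="post" action="%s">
<input type="hidden" name="SAMLResponse" value="Y29uc3RydWN0ZWQ="/>
<input type="hidden" name="RelayState" value="constructed-state"/>
</form></body></html>""" % ACS_URL


class FormCollector(HTMLParser):
    """Collect every <form> with its id, action and named <input> values."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"id": a.get("id"),
                             "action": a.get("action") or "",
                             "fields": {}}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current["fields"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def parse_forms(html):
    parser = FormCollector()
    parser.feed(html)
    return parser.forms


def form_targets(html, response_url):
    """List (form id, absolute action URL) for every form in the page."""
    return [(f["id"], urljoin(response_url, f["action"]))
            for f in parse_forms(html)]


def saml_post_target(html, response_url):
    """Return (absolute URL, fields) of the form that carries SAMLResponse.

    Raises ValueError when no such form exists, so a sign-in or MFA page is
    reported as such and its unrelated forms are never posted.
    """
    forms = parse_forms(html)
    for form in forms:
        if "SAMLResponse" in form["fields"]:
            url = urljoin(response_url, form["action"])
            if urlsplit(url).scheme != "https":
                raise ValueError("refusing non-HTTPS SAML target: %r" % url)
            return url, form["fields"]
    seen = [f["id"] or f["action"] for f in forms]
    raise ValueError("no SAMLResponse form in reply; forms seen: %r" % seen)


if __name__ == "__main__":
    print(form_targets(LOGIN_PAGE, RESPONSE_URL))
    print(saml_post_target(SAML_PAGE, RESPONSE_URL)[0])
    try:
        saml_post_target(LOGIN_PAGE, RESPONSE_URL)
    except ValueError as exc:
        print("stopped:", exc)
```
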
Ah, so You were having two different issues: the SMS verification feature and the initial connection failure. For now, You can't even try to get SMS to verify this...
from pan-globalprotect-okta.
Closing, as the SMS factor is implemented. The other issue is being discussed in #11.
from pan-globalprotect-okta.