zdave / openconnect-gp-okta Goto Github PK
View Code? Open in Web Editor NEWOpenConnect wrapper which logs into a GlobalProtect gateway, authenticating with Okta
OpenConnect wrapper which logs into a GlobalProtect gateway, authenticating with Okta
Hi! Trying to run your script:
[sm@localhost openconnect-gp-okta]$ python openconnect-gp-okta
Traceback (most recent call last):
File "/home/sm/openconnect-gp-okta/openconnect-gp-okta", line 4, in <module>
import click
ModuleNotFoundError: No module named 'click'
[sm@localhost openconnect-gp-okta]$ pythonw openconnect-gp-okta
bash: pythonw: command not found...
Similar command is: 'python'
[sm@localhost openconnect-gp-okta]$ python3 openconnect-gp-okta
Traceback (most recent call last):
File "/home/sm/openconnect-gp-okta/openconnect-gp-okta", line 4, in <module>
import click
ModuleNotFoundError: No module named 'click'
[sm@localhost openconnect-gp-okta]$ pip3 install click
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: click in /home/sm/.local/lib/python3.6/site-packages (7.1.2)
WARNING: You are using pip version 21.1.2; however, version 21.1.3 is available.
You should consider upgrading via the '/usr/bin/python3.6 -m pip install --upgrade pip' command.
Any ideas? :)
My organization now requires oauth2 for logging in with 2 factor authentication via phone push notifications. This requires that a web browser open a page to handle this and this is not supported.
Also, my organization requires --csd-wrapper be passed to openconnect so I suggest a --csd-wrapper option to this.
ImportError: [...] /python3.10/site-packages/lxml/etree.cpython-310-x86_64-linux-gnu.so: undefined symbol: _PyGen_Send
lxml is pinned to version 4.6.2 in requirements.txt
which does not work with python 3.10.
lxml fixed this bug in 4.6.3
Upgrading to current (4.8.0) worked for me. bumping from 4.6.2 to 4.6.3 would probably be sufficient.
upgrading my virtual environment:
pip install lxml --upgrade
Hi, I thought it would be nice to save the password safely instead of passing it in plain text (even though 2FA is still active)
Is there a point where we know login was successful, but the main loop of openconnect hasn’t been entered yet?
Alternatively we could save the password when a SIGTERM is happening …
script is working great with MFA okta push - thanks!
I'd like to enable token:hardware support, but my random guesses on how are not working:
69 if factor['factorType'] == 'token:hardware':
70 url = factor['_links']['verify']['href']
71 r = post_json(s, url, {'stateToken': r['stateToken']})
72 assert r['status'] == 'MFA_CHALLENGE'
73 code = input('One-time code for {} ({}): '.format(factor['provider'], factor['vendorName']))
74 r = post_json(s, url, {'stateToken': r['stateToken']}, 'passCode': code})
75 break
Line 71 is failing against our gp instance with:
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://<redacted>.okta.com/api/v1/authn/factors/.../verify
As far as I can figure out from the okta docs, the above is more or less what I should be doing? Any clues?
We should save the 2FA cookie in platformdirs.user_cache_dir
so people only have to handle the challenge when required.
It looks like the original author no longer has time or inclination to work on this.
I'd suggest other users to switch to https://github.com/ALescouet/openconnect-gp-okta which is still active.
@zdave if you happen to read this, would you consider transferring maintainership? Thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.