GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard

Published 20 hours ago verified publisher icon yuezk

SAML Authentication does not finish

Open TallGuy74 opened this issue 4 years ago • 6 comments
trafficstars

The authentication to my company VPN no longer works; probably the jstProcess that fails? Any idea how to fix this?

2021-10-12 09:16:44.899 INFO [2651] [SAMLLoginWindow::onLoadFinished@98] Load finished https://authenticator.pingone.com/pingid/ppm/auth/response?csrfToken=848ebeeb-9bb2-4b55-b44b-4d664e1f7964&status=OK&getStatusResponse=%7B%22status%22%3A%22OK%22%7D 2021-10-12 09:16:46.456 INFO [2651] [SAMLLoginWindow::onResponseReceived@64] Response received from https://auth.kochid.com/idp/iy49d/resumeSAML20/idp/SSO.ping 2021-10-12 09:16:46.459 INFO [2651] [SAMLLoginWindow::onLoadFinished@98] Load finished https://auth.kochid.com/idp/iy49d/resumeSAML20/idp/SSO.ping js: Uncaught ReferenceError: jstProcess is not defined 2021-10-12 09:16:47.045 INFO [2651] [SAMLLoginWindow::onLoadFinished@98] Load finished https://globalprotect.kochind.com/SAML20/SP/ACS

TallGuy74 avatar Oct 12 '21 07:10 TallGuy74

@TallGuy74 Does it work before?

The error log is a JavaScript error, it seems doesn't matter with the problem you encountered.

yuezk avatar Oct 13 '21 05:10 yuezk

Yes, it worked before. I'm currently using gp-saml-gui, and that works as well. With gpclient, I get the SAML page, log in, do a 2FA authentication, and it gives me a white window after that.

TallGuy74 avatar Oct 13 '21 06:10 TallGuy74

@TallGuy74 Did you upgrade the GlobalProtect-openconnect client before this issue happen? I want to make sure whether it is caused by the recent changes for the client or not.

yuezk avatar Oct 13 '21 07:10 yuezk

I did not. I am using globalprotect-openconnect version 1.3.0-1ppa1 from the ppa.

TallGuy74 avatar Oct 13 '21 07:10 TallGuy74

Some more logs: 2021-10-25 09:31:43.394 INFO [3748] [main@22] GlobalProtect started, version: v1.2.7 2021-10-25 09:31:43.490 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:31:46.939 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:31:49.765 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:31:54.360 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:31:57.661 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:31:59.341 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:32:12.749 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:32:12.854 INFO [3748] [GPClient::doConnect@205] Start connecting... 2021-10-25 09:32:12.854 INFO [3748] [GPClient::doConnect@226] Start portal login... 2021-10-25 09:32:12.857 INFO [3748] [PortalAuthenticator::authenticate@29] Preform portal prelogin at https://globalprotect.kochind.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux 2021-10-25 09:32:13.619 INFO [3748] [PortalAuthenticator::onPreloginFinished@46] Portal prelogin succeeded. 2021-10-25 09:32:13.619 INFO [3748] [PreloginResponse::parse@26] Start parsing the prelogin response... 2021-10-25 09:32:13.619 INFO [3748] [PortalAuthenticator::onPreloginFinished@50] Finished parsing the prelogin response. The region field is: NL 2021-10-25 09:32:13.619 INFO [3748] [PortalAuthenticator::samlAuth@117] Trying to perform SAML login with saml-method POST Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315 2021-10-25 09:32:14.001 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://globalprotect.kochind.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux 2021-10-25 09:32:14.020 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished data:text/html;charset=UTF-8,%3Chtml%3E%0A%3Cbody%3E%0A%3Cform id%3D%22myform%22 method%3D%22POST%22 action%3D%22https%3A%2F%2Fauth.kochid.com%2Fidp%2FSSO.saml2%22%3E%0A%3Cinput type%3D%22hidden%22 name%3D%22SAMLRequest%22 value%3D%22PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vZ2xvYmFscHJvdGVjdC5rb2NoaW5kLmNvbTo0NDMvU0FNTDIwL1NQL0FDUyIgRGVzdGluYXRpb249Imh0dHBzOi8vYXV0aC5rb2NoaWQuY29tL2lkcC9TU08uc2FtbDIiIElEPSJfNjJlYTZlZDEyZDlhZDRhNTNhMGRkYmZmZmVmZWRlYTQiIElzc3VlSW5zdGFudD0iMjAyMS0xMC0yNVQwNzozMjoxM1oiIFByb3RvY29sQmluZGluZz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUE9TVCIgVmVyc2lvbj0iMi4wIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BaHR0cHM6Ly9nbG9iYWxwcm90ZWN0LmtvY2hpbmQuY29tOjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D%22 %2F%3E%0A%3Cinput type%3D%22hidden%22 name%3D%22RelayState%22 value%3D%22lRUcAkPp%2Bl5hNzEyYTFiOTA2MDRiMzIzYjE3NjAzOWYwNjYxYTJmMw%3D%3D%22 %2F%3E%0A%3C%2Fform%3E%0A%3Cscript%3E%0A document.getElementById%28%27myform%27%29.submit%28%29%3B%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0D%0A 2021-10-25 09:32:14.573 INFO [3748] [SAMLLoginWindow::onResponseReceived@64] Response received from https://auth.kochid.com/idp/SSO.saml2 [3748:4183:1025/093214.631166:ERROR:nss_ocsp.cc(591)] No URLRequestContext for NSS HTTP handler. host: cacerts.digicert.com [3748:4183:1025/093214.631206:ERROR:cert_verify_proc_nss.cc(918)] CERT_PKIXVerifyCert for globalprotect.kochind.com failed err=-8179 2021-10-25 09:32:14.827 INFO [3748] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu... 2021-10-25 09:32:14.880 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://auth.kochid.com/idp/SSO.saml2 2021-10-25 09:32:21.284 INFO [3748] [SAMLLoginWindow::onResponseReceived@64] Response received from https://auth.kochid.com/idp/CB5kd/resumeSAML20/idp/SSO.ping 2021-10-25 09:32:21.286 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://auth.kochid.com/idp/CB5kd/resumeSAML20/idp/SSO.ping 2021-10-25 09:32:21.730 INFO [3748] [SAMLLoginWindow::onResponseReceived@64] Response received from https://authenticator.pingone.com/pingid/ppm/auth js: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''unsafe-hashes''. It will be ignored. js: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-hashes' 'sha256-js+ewfjyv7VQmhY7dHXbng48en16Ci3tHTt08sLwmm4='". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

2021-10-25 09:32:22.127 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://authenticator.pingone.com/pingid/ppm/auth 2021-10-25 09:32:23.222 INFO [3748] [SAMLLoginWindow::onResponseReceived@64] Response received from https://authenticator.pingone.com/pingid/ppm/auth js: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''unsafe-hashes''. It will be ignored. js: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-hashes' 'sha256-js+ewfjyv7VQmhY7dHXbng48en16Ci3tHTt08sLwmm4='". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

2021-10-25 09:32:23.509 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://authenticator.pingone.com/pingid/ppm/auth 2021-10-25 09:32:36.620 INFO [3748] [SAMLLoginWindow::onResponseReceived@64] Response received from https://authenticator.pingone.com/pingid/ppm/auth/response?csrfToken=d538e894-f8a2-43b7-8df3-9b252de63d2d&status=OK&getStatusResponse=%7B%22status%22%3A%22OK%22%7D js: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''unsafe-hashes''. It will be ignored. js: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-hashes' 'sha256-js+ewfjyv7VQmhY7dHXbng48en16Ci3tHTt08sLwmm4='". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

2021-10-25 09:32:36.995 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://authenticator.pingone.com/pingid/ppm/auth/response?csrfToken=d538e894-f8a2-43b7-8df3-9b252de63d2d&status=OK&getStatusResponse=%7B%22status%22%3A%22OK%22%7D 2021-10-25 09:32:38.315 INFO [3748] [SAMLLoginWindow::onResponseReceived@64] Response received from https://auth.kochid.com/idp/CB5kd/resumeSAML20/idp/SSO.ping 2021-10-25 09:32:38.319 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://auth.kochid.com/idp/CB5kd/resumeSAML20/idp/SSO.ping js: Uncaught ReferenceError: jstProcess is not defined 2021-10-25 09:32:38.794 INFO [3748] [SAMLLoginWindow::onLoadFinished@98] Load finished https://globalprotect.kochind.com/SAML20/SP/ACS

TallGuy74 avatar Oct 25 '21 07:10 TallGuy74

Good morning,

I have the same problem as TallGuy74 TallGuy74, did you find the solution? THANKS

nicerico avatar Jul 26 '23 14:07 nicerico