GlobalProtect-openconnect
GlobalProtect-openconnect copied to clipboard
yuezk
error on opening app: the secure storage is not ready.
Hello,
I updated my computer earlier today. I'm on Kubuntu 22.04, kernel version 6.5.0-15-generic (64-bit). I went to connect with my work vpn, which I use this app to connect to, and I get the following error message on a blank background inside the app window when I start it.
'ERROR
The secure storage is not ready. Platform secure storage failure: zbus error:
org.freedesktop.DBus.Error.ServiceUnknown The name org. freedesktop.secrets was not provided by any .service files'
What can I do to get this back up and running again? The application is working on some of my other computers.
@lgsmith Please ensure that Kwallet is installed on your system, the same as #284.
I will check this, but the app has been working flawlessly on this computer for months prior to this issue today. I don’t think I made any changes to the presence or absence of k wallet in the last few months.
On Sat, Jan 27, 2024 at 8:25 PM Kevin Yue @.***> wrote:
@lgsmith https://github.com/lgsmith Please ensure that Kwallet is installed on your system, the same as #284 https://github.com/yuezk/GlobalProtect-openconnect/issues/284.
— Reply to this email directly, view it on GitHub https://github.com/yuezk/GlobalProtect-openconnect/issues/305#issuecomment-1913400113, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABAZVYKIHXZ4NDQHSYHIPFTYQWSKFAVCNFSM6AAAAABCNVWENSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJTGQYDAMJRGM . You are receiving this because you were mentioned.Message ID: @.***>
The client has been refactored as 2.x, which will use the secret service to encrypt the user data. And Kwallet is the secret service provider for KDE. Client 1.x doesn't have this feature. That's why it works without Kwallet.
Unfortunately the package kwalletmanager was already installed and up to date; in the hopes that it was some specific lib that was missing I installed the kwalletcli package, but unfortunately that didn't change the error message in any way. Is there other information I could provide that might be helpful? Which specific kwallet lib do you think may be missing?
Seems that kwallet is just a client application, you might need to try ksecrets according to this thread, https://forum.authpass.app/t/what-is-the-provider-of-org-freedesktop-secrets-for-kde-plasma-5/162.
@lgsmith I was able to reproduce this problem with ubuntu 18.04 installing KDE, the reason is that there is no org.freedesktop.secrets implementation for KDE. Kwallet doesn't implement it either.
So we have to use gnome-keyring. Although the package name starts with gnome-, it's not specific to GNOME DE, it can be installed separately to provide secrets management.
gnome-keyring is a member of the gnome group is thus usually present on systems running GNOME. The package can otherwise be installed on its own.
via GNOME/Keyring
Reboot may be required after installing gnome-keyring.
I installed gnome-keyring and it seems to alleviate this particular issue. However I got multiple 'failed prelogin' messages as I tried to click through to connect. After a few tries (don't know why doing it repeatedly worked but it did) I got through to my institution's splash page, where I was able to provide my credentials.
If that kind of instability persists I'm thinking I should make a new issue out of it and close this one, but if you think they're related I can provide you with whatever other information you need here.
Weird, I see your portal has a valid pre-login response at https://vpn.upenn.edu/global-protect/prelogin.esp Can you try to clear the saved credentials via the menu and try again?
If it still errors, please upload the log file. The location is: ~/.local/share/gpclient/gpclient.log
@lgsmith hello Bro, did you solve the issue? thank you I'm experiencing same Error "the storage is not ready"
Yes as you can see below: gnome-keyring is already the newest version (40.0-3ubuntu3). for info i'm using OpenConnect version v8.20-1
I have not fully cracked it as I mentioned above, but installing gnome keyring did alleviate the issue I outlined in my original post. I will see if @yuezk 's suggestions about clearing saved credentials fixes my ongoing issues tonight.
Yes as you can see below: gnome-keyring is already the newest version (40.0-3ubuntu3). for info i'm using OpenConnect version v8.20-1
Please check the service status of gnome-keyring-daemon.service. Start it if it is not.
@yuezk I'm able to connect, but that's after a series of repeated failures even after clearing the saved credentials. It was like I had to have it fail to get the prelogin splash, then I clicked through again and got it, then the connection somehow failed after I provided my credentials. I provided these again and it succeeded. This is much like last night. Please find a zip of the relevant log included at the link below: lgsmith-gpclient.zip
@lgsmith I can get the prelogin response with the region field using your portal, it may related to the network. Would please post your prelogin response here? By visiting https://vpn.upenn.edu/global-protect/prelogin.esp
Looks like I get a success. Again, this is from updating the client. The 2.0 beta is definitely when this stopped working for me from this particular computer, which has a wired connection to the internet.
<prelogin-response>
<status>Success</status>
<ccusername/>
<autosubmit>false</autosubmit>
<msg/>
<newmsg/>
<authentication-message>Enter login credentials</authentication-message>
<username-label>Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version>
<saml-default-browser>yes</saml-default-browser>
<cas-auth>no</cas-auth>
<saml-auth-status>0</saml-auth-status>
<saml-auth-method>POST</saml-auth-method>
<saml-request-timeout>600</saml-request-timeout>
<saml-request-id>0</saml-request-id>
<saml-request>
PGh0bWw+Cjxib2R5Pgo8Zm9ybSBpZD0ibXlmb3JtIiBtZXRob2Q9IlBPU1QiIGFjdGlvbj0iaHR0cHM6Ly9pZHAucGVubmtleS51cGVubi5lZHUvaWRwL3Byb2ZpbGUvU0FNTDIvUE9TVC9TU08iPgo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJTQU1MUmVxdWVzdCIgdmFsdWU9IlBITmhiV3h3T2tGMWRHaHVVbVZ4ZFdWemRDQjRiV3h1Y3pwellXMXNjRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T25CeWIzUnZZMjlzSWlCQmMzTmxjblJwYjI1RGIyNXpkVzFsY2xObGNuWnBZMlZWVWt3OUltaDBkSEJ6T2k4dmRuQnVMblZ3Wlc1dUxtVmtkVG8wTkRNdlUwRk5UREl3TDFOUUwwRkRVeUlnUkdWemRHbHVZWFJwYjI0OUltaDBkSEJ6T2k4dmFXUndMbkJsYm01clpYa3VkWEJsYm00dVpXUjFMMmxrY0M5d2NtOW1hV3hsTDFOQlRVd3lMMUJQVTFRdlUxTlBJaUJKUkQwaVh6aGtPV1kzTVRVMVkyWmtNR0ZtWldFNVpXVmxNRFV6WlRneVpXSTNORFEzSWlCSmMzTjFaVWx1YzNSaGJuUTlJakl3TWpRdE1ESXRNREZVTURNNk16TTZOVFphSWlCUWNtOTBiMk52YkVKcGJtUnBibWM5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaWFXNWthVzVuY3pwSVZGUlFMVkJQVTFRaUlGWmxjbk5wYjI0OUlqSXVNQ0krUEhOaGJXdzZTWE56ZFdWeUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUG1oMGRIQnpPaTh2ZG5CdUxuVndaVzV1TG1Wa2RUbzBORE12VTBGTlRESXdMMU5RUEM5ellXMXNPa2x6YzNWbGNqNDhMM05oYld4d09rRjFkR2h1VW1WeGRXVnpkRDQ9IiAvPgo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJSZWxheVN0YXRlIiB2YWx1ZT0iME1FSUFHZDFiR1V5T0RRMlpEUXlOR1k0WW1WaU5UVXdOR0UyTWprNE5tUmtZelptWWpnd09RPT0iIC8+CjwvZm9ybT4KPHNjcmlwdD4KICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnbXlmb3JtJykuc3VibWl0KCk7Cjwvc2NyaXB0Pgo8L2JvZHk+CjwvaHRtbD4NCg==
</saml-request>
<auth-api>no</auth-api>
<region/>
</prelogin-response>
@lgsmith I see. The problem is that I have a required validation for the region field, but in your network the region is <region />, which means empty in XML. Below is the response when I visiting the prelogin endpoint.
Looks like I can remove the required validation for the region field.
It looks like your update has fixed the graphical user interface. I'm having issues with the terminal interface. I will post a separate issue for this.
On Tue, Feb 6, 2024 at 8:25 PM Kevin Yue @.***> wrote:
Closed #305 https://github.com/yuezk/GlobalProtect-openconnect/issues/305 as completed.
— Reply to this email directly, view it on GitHub https://github.com/yuezk/GlobalProtect-openconnect/issues/305#event-11725913569, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABAZVYIWJPO672ZPS3ZF6MTYSLJ2FAVCNFSM6AAAAABCNVWENSVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJRG4ZDKOJRGM2TMOI . You are receiving this because you were mentioned.Message ID: @.*** com>