GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard
verified publisher icon yuezk

Authentication not respecting default browser

Open avfxtd opened this issue 1 year ago • 1 comments

Using the paid GUI version, authentication doesn't seem to respect default browser. It seems to switch back and forth between firefox and chrome - in my case chrome is the default browser.

Expected behavior Should be using default web browser for authentication.

Environment: OS: openSUSE Leap 15.6 x86_64 DE: Plasma 5.27.11

Logs

[2024-09-10T22:26:37Z INFO  gpservice::cli] gpservice started: 2.3.3 (2024-06-23)
[2024-09-10T22:26:37Z INFO  gpservice::ws_server] WS server listening on port: 35665
[2024-09-10T22:26:37Z INFO  gpapi::process::gui_launcher] Version check passed: 2.3.3
[2024-09-10T22:26:37Z INFO  gpapi::process::gui_launcher] Launching gpgui
[2024-09-10T22:26:37Z INFO  gpgui::cli] gpgui started: 2.3.3 (2024-06-23)
[2024-09-10T22:26:37Z INFO  gpgui::app] Setting the custom openssl conf path

(gpgui:2695): dbind-WARNING **: 07:56:37.701: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
[2024-09-10T22:26:37Z INFO  gpgui::config::private_data] Loaded config from file
[2024-09-10T22:26:37Z INFO  gpgui::app::app_initializer] App initialized
[2024-09-10T22:26:37Z INFO  gpgui::ws_connector] Connecting to WS server
[2024-09-10T22:26:37Z INFO  gpgui::ws_connector] Received ping
[2024-09-10T22:26:37Z INFO  gpgui::ws_connector] Connected to WS server
[2024-09-10T22:26:37Z INFO  gpservice::handlers] New client connected
[2024-09-10T22:26:37Z INFO  gpservice::ws_server] Sending current VPN state to new client

** (gpgui:2695): WARNING **: 07:56:37.832: webkit_settings_set_enable_offline_web_application_cache is deprecated and does nothing.
Could not determine the accessibility bus address
[2024-09-10T22:26:38Z INFO  gpapi::utils::window] Window raised after 1 attempts
[2024-09-10T22:26:38Z INFO  gpgui::handlers::subscription] Sending the init event to client: main
[2024-09-10T22:26:38Z INFO  gpgui::handlers::subscription] Sent the init event to client: main
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Connecting to the portal: r**********z...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Trying to connect the gateway directly...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Failed to connect the gateway directly: No credential found
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Trying to connect portal with cached credential...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Failed to connect portal with cached credential: No cached credential found for the portal
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Trying to connect the portal with prelogin...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Performing portal prelogin...
[2024-09-10T22:26:40Z INFO  gpapi::portal::prelogin] Portal prelogin with user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Authenticating portal...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Launching SAML authentication...
[2024-09-10T22:26:40Z INFO  gpgui::portal_connector] Waiting for the user to authenticate in the browser...
[2024-09-10T22:27:50Z INFO  gpgui::portal_connector] Received gp callback from the browser
[2024-09-10T22:27:50Z INFO  gpapi::auth] Parsing SAML auth data...
[2024-09-10T22:27:50Z INFO  gpgui::portal_connector] Fetching the portal config...
[2024-09-10T22:27:50Z INFO  gpapi::utils::window] Window raised after 1 attempts
[2024-09-10T22:27:50Z INFO  gpapi::portal::config] Portal config, user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Retrieved 1 gateway(s) from the portal, updating...
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Performing gateway login, gateway: r**********z...
[2024-09-10T22:27:51Z INFO  gpapi::gateway::login] Gateway login, user_agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Gateway login succeeded, gateway: r**********z
[2024-09-10T22:27:51Z INFO  gpgui::portal_connector] Connecting to the gateway...
[2024-09-10T22:27:51Z INFO  openconnect::ffi] openconnect version: v9.12
[2024-09-10T22:27:51Z INFO  openconnect::ffi] User agent: PAN GlobalProtect/6.0.1-19 (Linux openSUSE Leap 15.6)
[2024-09-10T22:27:51Z INFO  openconnect::ffi] VPNC script: /etc/openconnect/vpnc-script
[2024-09-10T22:27:51Z INFO  openconnect::ffi] OS: linux
[2024-09-10T22:27:51Z INFO  openconnect::ffi] CSD_USER: 1000
[2024-09-10T22:27:51Z INFO  openconnect::ffi] CSD_WRAPPER: (null)
[2024-09-10T22:27:51Z INFO  openconnect::ffi] RECONNECT_TIMEOUT: 300
[2024-09-10T22:27:51Z INFO  openconnect::ffi] MTU: 0
[2024-09-10T22:27:51Z INFO  openconnect::ffi] DISABLE_IPV6: 0
[2024-09-10T22:27:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Connected to [**********]:443
[2024-09-10T22:27:51Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-09-10T22:27:51Z INFO  openconnect::ffi] Idle timeout is 30 minutes.
[2024-09-10T22:27:51Z WARN  openconnect::ffi] No MTU received. Calculated 1422 for ESP tunnel
[2024-09-10T22:27:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-10T22:27:51Z WARN  openconnect::ffi] WARNING: Server asked us to submit HIP report with md5sum 7ed09fb3a9de66961ad50a1cbec7c79b.
    VPN connectivity may be disabled or limited without HIP report submission.
    You need to provide a --csd-wrapper argument with the HIP report submission script.
[2024-09-10T22:27:51Z INFO  openconnect::ffi] ESP session established with server
[2024-09-10T22:27:51Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-10T22:27:53Z INFO  openconnect::ffi] Using vhost-net for tun acceleration, ring size 32
[2024-09-10T22:27:53Z INFO  openconnect::vpn] Connected to VPN, pipe_fd: 14
[2024-09-10T22:27:53Z INFO  gpgui::portal_connector] Connected to the gateway: r**********z
[2024-09-10T22:56:51Z INFO  openconnect::ffi] GlobalProtect rekey due
[2024-09-10T22:56:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/getconfig.esp
[2024-09-10T22:56:51Z INFO  openconnect::ffi] SSL negotiation with [**********]
[2024-09-10T22:56:51Z INFO  openconnect::ffi] Connected to HTTPS on [**********] with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-09-10T22:56:51Z INFO  openconnect::ffi] Tunnel timeout (rekey interval) is 30 minutes.
[2024-09-10T22:56:51Z INFO  openconnect::ffi] Idle timeout is 30 minutes.
[2024-09-10T22:56:51Z INFO  openconnect::ffi] POST https://[**********]/ssl-vpn/hipreportcheck.esp
[2024-09-10T22:56:51Z INFO  openconnect::ffi] ESP session established with server
[2024-09-10T22:56:51Z INFO  openconnect::ffi] ESP tunnel connected; exiting HTTPS mainloop.
[2024-09-10T23:25:51Z INFO  openconnect::ffi] GlobalProtect rekey due

avfxtd avatar Sep 12 '24 01:09 avfxtd

Thanks for the feedback, I will enhance it. Related: https://github.com/yuezk/GlobalProtect-openconnect/issues/416

yuezk avatar Sep 12 '24 05:09 yuezk

Hi @avfxtd, the default browser detection has been improved and we can also configure the external browser to use in https://github.com/yuezk/GlobalProtect-openconnect/releases/tag/v2.3.8

Let me know if it doesn't work for you.

yuezk avatar Nov 01 '24 03:11 yuezk