GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard
verified publisher icon yuezk

Ability to cancel normal auth after successful SAML login

Open z0rc opened this issue 5 years ago • 1 comments

GP configuration in my company is kinda wonky and I get a second login screen after successful SAML auth, it looks like this on macOS: Screen Shot 2021-03-19 at 15 26 47 I have to click "Cancel" here. After that GP client completes auth flow and establishes VPN connection.

Now to the problem. Using gpclient I'm able to pass SAML auth, but normal auth form (which appears after SAML auth) doesn't let me through. There is no "Cancel" button and pressing "Login" with empty fields does nothing. image

z0rc avatar Mar 19 '21 13:03 z0rc

Here are the logs up to normal auth login form:

% gpclient
2021-03-19 15:23:54.076 INFO  [170417] [main@22] GlobalProtect started, version: v1.2.7
2021-03-19 15:23:54.315 INFO  [170417] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu...
2021-03-19 15:23:57.274 INFO  [170417] [GPClient::populateGatewayMenu@100] Populating the Switch Gateway menu...
2021-03-19 15:23:57.393 INFO  [170417] [GPClient::doConnect@205] Start connecting...
2021-03-19 15:23:57.393 INFO  [170417] [GPClient::doConnect@221] Start gateway login using the previously saved gateway...
2021-03-19 15:23:57.393 INFO  [170417] [GPClient::gatewayLogin@316] Performing gateway login...
2021-03-19 15:23:57.396 INFO  [170417] [GatewayAuthenticator::authenticate@26] Start gateway authentication...
2021-03-19 15:23:57.396 INFO  [170417] [GatewayAuthenticator::login@38] Trying to login the gateway at https://pafgpgw.company.com/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&computer=higan&ok=Login&direct=yes&clientVer=4100&os-version=Ubuntu 20.10&clientos=Linux&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=
2021-03-19 15:23:57.859 ERROR [170417] [GatewayAuthenticator::onLoginFinished@49] Failed to login the gateway at https://pafgpgw.company.com/ssl-vpn/login.esp, Error transferring https://pafgpgw.company.com/ssl-vpn/login.esp - server replied: Custom error
2021-03-19 15:23:57.859 INFO  [170417] [GatewayAuthenticator::doAuth@70] Perform the gateway prelogin at https://pafgpgw.company.com/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
2021-03-19 15:23:57.922 INFO  [170417] [GatewayAuthenticator::onPreloginFinished@87] Gateway prelogin succeeded.
2021-03-19 15:23:57.922 INFO  [170417] [PreloginResponse::parse@26] Start parsing the prelogin response...
2021-03-19 15:23:57.922 INFO  [170417] [GatewayAuthenticator::normalAuth@105] Trying to perform the normal login with Username / Password credentials

z0rc avatar Mar 19 '21 13:03 z0rc

It is no longer a problem in the latest release 2.x, closing.

yuezk avatar Jan 25 '24 01:01 yuezk