-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Would openconnect (GP) work with Azure AD and Microsoft Authenticator App? #137
Comments
First of all, I know nothing about Azure AD, and can't keep up with the explosion of federated single-sign-on providers out there. Please point other users to relevant technical documentation of how these work, if possible. Seems that Azure AD uses SAML like most other services: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol Based on the way that other similar services work (Okta in particular, SAML in general), you would need some kind of script to do the HTTPS-based "authentication dance" and pass the resulting authentication tokens to Lastly, is this question actually specific to the GlobalProtect protocol? Probably not… in which case it's more appropriate for the openconnect-devel list. |
Thanks Dan for pointing me in the right directions. We'll see how this whole thing at our company will go further. There are currently some discussions going on regarding this topic. And most likely I'll need to create a script for the auth dance. Let's see. |
I just tried it and it works :) |
@stipx Can you share your script? |
@JamieMagee there is no script. Basically it works like this:
So my whole concerns were invalid. |
@stipx, thanks for the explanation and the useful reference. This is similar to how Symantec VIP access works in its "smartphone app mode"; it sends an "Approve/Deny?" request to the user's smartphone when the user tries to login, and then the login server blocks until the user responds on the smartphone. |
My company recently switch from Okta to Microsoft Authenticator causing the standard Gnome VPN client to not connect anymore, for those with the same issue @vlaci's https://github.com/vlaci/openconnect-sso solved the issue. |
Hi,
at our company our IT department is switching to Azure AD with Microsoft Authenticator App (in notification mode). I would suspect that an URL is polled which returns the status of the auth app. Basically the client would need the information if the approval button got clicked at the app.
Has somebody any experience with openconnect (wich global protect) and such solutions?
Thanks
The text was updated successfully, but these errors were encountered: