"When SAML authentication is complete, specify destination form field by appending :field_name", I do not understand what to do
My command: openconnect --protocol=gp vpn.prod.awscentral.xxxxxxx.com
Before this message I have this one: SAML REDIRECT authentication is required via https://login.microsoftonline.com/xxxxxxxxverylongxxxxxxx
This is what I see on that page
In the DOM of this page I have:
<saml-auth-status>1</saml-auth-status><prelogin-cookie>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</prelogin-cookie><saml-username>Vitaly.Zdanevich@xxxxx.com</saml-username><saml-slo>no</saml-slo><saml-SessionNotOnOrAfter></saml-SessionNotOnOrAfter>
Without any form fields.
I tried openconnect --protocol=gp -u=Vitaly.Zdanevich@xxxxxxxxx.com -C=xxxxxxxxfrom-prelogin-cookie-http-header vpn.prod.awscentral.xxxxxxx.com
and got:
POST https://vpn.prod.awscentral.xxxxxxx.com/ssl-vpn/getconfig.esp
Attempting to connect to server xx.xxx.xxx.xx:443
Connected to xx.xxx.xxx.xx:443
SSL negotiation with vpn.prod.awscentral.xxxxxxx.com
Connected to HTTPS on vpn.prod.awscentral.xxxxxxx.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 06 Jun 2022 13:47:05 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 29
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (29)
Failed to parse server response
Response was: errors getting SSL/VPN config
Creating SSL connection failed
Cookie was rejected by server; exiting.
Also tried openconnect --protocol=gp --usergroup=gateway:prelogin-cookie vpn.prod.awscentral.xxxxx.com :
POST https://vpn.prod.awscentral.xxxxx.com/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server xx.xxx.xxx.xx:443
Connected to xx.xxx.xxx.xx:443
SSL negotiation with vpn.prod.awscentral.xxxxx.com
Connected to HTTPS on vpn.prod.awscentral.xxxxx.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 06 Jun 2022 14:06:29 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 1628
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: CLIENTOS=TGludXg%3D; expires=Tue, 07-Jun-2022 14:06:29 GMT; Max-Age=86400; path=/
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (1628)
Destination form field prelogin-cookie was specified; assuming SAML REDIRECT authentication is complete.
Prelogin form _login: "Username: " user(TEXT)=(null), "prelogin-cookie: " prelogin-cookie(PASSWORD)
[Palo Alto GlobalProtect Gateway]
Enter XX Active Directory login credentials (Email address)
Username: Vitaly.Zdanevich@xxxxx.com
prelogin-cookie:
POST https://vpn.prod.awscentral.xxxxx.com/ssl-vpn/login.esp
Got HTTP response: HTTP/1.1 512 Custom error
Date: Mon, 06 Jun 2022 14:06:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 128
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-private-pan-sslvpn: auth-failed
x-private-pan-sslvpn-extension: auth-failed-password-empty
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; secure; HttpOnly
HTTP body length: (128)
Unexpected 512 result from server
I am on Gentoo Linux.
What should I do?
Sorry that this is like a support ticket, but maybe you can improve your documentation about such cases and messages.
Edited by Vitaly Zdanevich
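An added example, not part of the original post or of OpenConnect's own code: the second log above shows `prelogin-cookie` being prompted as a PASSWORD field and the gateway answering `auth-failed-password-empty` when it is left blank, so this sketch parses a fragment shaped like the one in the post and builds an invocation that supplies the cookie on standard input instead of on the command line, where other local users could read it from the process list. The server name `vpn.example.com`, the sample values and the function names are assumptions made for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample shaped like the fragment in the post; values are placeholders.
SAMPLE_DOM = (
    "<saml-auth-status>1</saml-auth-status>"
    "<prelogin-cookie>EXAMPLECOOKIE0123456789</prelogin-cookie>"
    "<saml-username>user@example.com</saml-username>"
    "<saml-slo>no</saml-slo>"
    "<saml-SessionNotOnOrAfter></saml-SessionNotOnOrAfter>"
)


def parse_saml_result(fragment):
    """Return (username, field_name, cookie) from the sibling-element fragment."""
    # The fragment has several top-level elements, so wrap it in a single root.
    root = ET.fromstring("<r>" + fragment + "</r>")
    fields = {el.tag: (el.text or "").strip() for el in root}
    if fields.get("saml-auth-status") != "1":
        raise ValueError("SAML authentication did not complete")
    user = fields.get("saml-username", "")
    cookie = fields.get("prelogin-cookie", "")
    if not user or not cookie:
        raise ValueError("fragment lacks saml-username or prelogin-cookie")
    return user, "prelogin-cookie", cookie


def build_invocation(server, fragment):
    """Return (argv, stdin_text); the cookie is a bearer secret kept out of argv."""
    user, field, cookie = parse_saml_result(fragment)
    argv = [
        "openconnect", "--protocol=gp",
        "--user=" + user,
        "--usergroup=gateway:" + field,  # the ':field_name' suffix from the message
        "--passwd-on-stdin",             # cookie is read from stdin, not prompted
        server,
    ]
    return argv, cookie + "\n"


if __name__ == "__main__":
    argv, _secret = build_invocation("vpn.example.com", SAMPLE_DOM)
    print(shlex.join(argv))  # the secret itself is never printed
```

The returned `stdin_text` is what a wrapper would write to the process's standard input, for example through `subprocess.run(argv, input=stdin_text, text=True)`.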