Cookie retention for SSO/SAML connections
I use an AnyConnect VPN system that is linked to the Microsoft online account system (for enterprises) with 2-factor authentication enabled. I have no access to the server configuration.
I have set my (NetworkManager-based) connection to save passwords and I've checked using nmcli that a token is actually saved. However, the server appears to be configured to always trigger a browser-based refresh of the token. This browser flow involves a number of screens, starting with a username question (to redirect to the right SAML server), then a username/password dialog, and then the 2-factor verification. When reconnecting within the same UI session, these browser windows are redirected due to retained cookies in the webview. But in a new session (like a restart of the computer) this information is not retained and I am forced to log in again.
When using the official AnyConnect client this same flow is visible (flickering on web views that almost immediately disappear).
What I would like is to be able to retain the authentication (for as long as the server allows - it will invalidate the 2-factor after 60 days). It appears that this can be resolved by storing the cookies set by the server(s).
I've looked at the implementation of openconnect_webview_load_changed. The code only appears to attempt to read the final (token) cookie, but not any intermediate cookies. In this case, storing these intermediate cookies (making sure to also record the host) would represent a significant improvement to the user experience. (Clients would still need to support reading these cookies into the session, but first they need to be retained.)