Add a fake SAML handler/form to fake-gp-server.py (!380) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge fake_GP_SAML into master May 13, 2022

This allows authenticating to the fake server with https://github.com/dlenski/gp-saml-gui

# Start fake server 
$ ./fake-gp-server localhost 8080 certs/server-{cert,key}.pem 2>&1 >/dev/null &

# Configure fake server for SAML on the portal interface
$ curl -sk https://localhost:8080/CONFIGURE -d portal_saml=portal-userauthcookie -d portal_cookie=portal-userauthcookie

# Use gp-saml-gui to authenticate to it
$ gp-saml-gui --no-verify localhost:8080
...
... pops up window
... fills out login form
...
HOST=https://localhost:8080/global-protect/getconfig.esp:portal-userauthcookie
USER=nobody
COOKIE=FAKE_username_nobody_password_whatever
OS=linux-64

The goal of this is to have a SAML-supporting GP server to test against while modifying openconnect to directly call the GP SAML webview handler itself (see https://github.com/dlenski/gp-saml-gui/issues/45).

Add a fake SAML handler/form to fake-gp-server.py

Merge request reports