我正在使用 openconnect --protocol=gp vpn.mysite.com,它显示正在连接,但正在等待 SAML 身份验证。命令和身份验证在我的 debian 机器上运行,它会提示输入用户名和密码,但在我的其他 Linux 机器上尝试时,它似乎不想提示进行身份验证。这是输出:
POST https://vpn.mysite.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Connected to 000.000.0.000:443
SSL negotiation with vpn.mysite.com
Connected to HTTPS on vpn.mysite.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
SAML REDIRECT authentication is required via https://sso.mysite.com/idp/profile/SAML2/Redirect/SSO?SAMLRequest=hZHfT4MwEMf%2FFdL3rQUqkGaQ4PbgkhnJij74Yiqcrgm02CvTP1%2B2uThf5uPlvj9yn1ug6rtBlKPfmS18jIA%2B%2BOo7g%2BK4yMnojLAKNQqjekDhGyHL%2B42I5kwMznrb2I4EJSI4r61ZWoNjD06C2%2BsGHrebnOy8H1BQuh%2FMHD7HObSj4Dymh5yIUVnRcilJsJq6tVGHlF8Poj17qG4HOlW%2B6Q5OXrqFVjtoPJXygQTrVU5eEgYsTrIsbXmbKp5BCkmTMh6GjMccokmGOMLaoFfG5yRiUThjNzOW1WEqokRE8TMJqp%2FLbrVptXm%2FjuH1JEJxV9fVrHqQNQmewOHxkElAisUBpjgWuwu812PVmSkp%2FiW4oBcNxWn6%2B9XiGw%3D%3D&RelayState=FWwGAOXiGV83OGI5MGJmMTExNzY1NDZmMjc0YTdlN2MzNGJiZmRkYw%3D%3D
When SAML authentication is complete, specify destination form field by appending :field_name to login URL.
Failed to parse server response
Failed to obtain WebVPN cookie
我使用的openconnect版本是
OpenConnect version v8.10
Using GnuTLS 3.7.1. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse
感谢您的帮助。
我创建了这个 python 脚本,它基本上允许您使用
nmcliopenconnect用途:
python connect_to_global_protect_using_nmcli.py --conection-name "Your VPN connection" --vpn-portal "your.vpn.portal" --vpn-user-group "portal" --vpn-os "linux"
该脚本将搜索指定的连接是否已存在,如果不存在,则会为提供的名称、操作系统和门户以及协议“gp”创建一个 VPN 连接,然后进行 SAML 身份验证,然后使用
连接到 VPN nmcli。
通过在命令中添加 --usergroup=gateway 来解决
所以有效的总命令是
sudo openconnect --protocol=gp --usergroup=gateway vpn.mysite.com