This script provides a wrapper around OpenConnect which allows a user to log in through a WebKitGTK2 window. This allows OpenConnect to be compatible with web-based authentication mechanisms, such as SAML.
The script can be used with python2 or python3; however, python3 is recommended. The following packages are also required:
- python-gi or python-gobject
- webkit2gtk
- openconnect
Instructions for specific distros can be found below.
- Debian/Ubuntu (apt): `sudo apt install python3-gi gir1.2-webkit2-4.0 openconnect`
- Fedora/RHEL/CentOS (yum): `sudo yum install python-gi webkit2gtk3 openconnect`
- Arch Linux (pacman): `sudo pacman -S python-gobject webkit2gtk openconnect`
This repo can be downloaded with `git clone https://github.com/utknoxville/openconnect-pulse-gui` or via the GitHub webpage.
Installation can be performed using `pip install .` or by directly calling `python setup.py install`.
Once installed, the `openconnect-pulse-gui` script should be in your `$PATH`. If not, the script `openconnect_pulse_gui/openconnect_pulse_gui.py` can be called directly.
The only required argument is the sign-in link / server URL. Other arguments can be found by using `python openconnect-pulse-gui.py -h`.
Note that this script will not run openconnect; it only prints the command with the correct arguments to stdout.
Anybody wishing to recreate this functionality, either manually or using another library, can do so with the following steps:
- Send the user to the sign-in URL. This will either give them the ability to log in directly or redirect them to an external authentication server.
- Wait for a `Set-Cookie` header that contains the `DSID` cookie. This is the authentication cookie used by Pulse Secure.
- Pass the cookie to `openconnect` using `--protocol nc` and `-C 'DSID=<cookie-value>'`. Note that some workflows may work with `--protocol pulse`, but at this time SAML-based logins do not.
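
The last two steps, sketched in Python 3 as an added example (not code from this repository): it picks the `DSID` value out of captured `Set-Cookie` headers, ignores cleared or malformed values, and builds the `openconnect` argument list. The function names, sample headers and `vpn.example.com` URL are hypothetical; the `--cookie-on-stdin` variant uses an openconnect option this page does not mention and is included because `DSID` is a session credential that `-C` would expose in the process list.

```python
import re
import shlex

# RFC 6265 cookie-octet: printable ASCII without space, '"', ',', ';' or '\'.
COOKIE_VALUE = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+")

def extract_dsid(set_cookie_headers):
    """Return the current DSID from Set-Cookie header values, or None.

    Later headers win, and an empty or malformed DSID (as sent when a
    session is cleared) resets the result, so a stale cookie is never used.
    """
    dsid = None
    for header in set_cookie_headers:
        name, sep, value = header.split(";", 1)[0].partition("=")
        if not sep or name.strip() != "DSID":
            continue
        value = value.strip()
        dsid = value if COOKIE_VALUE.fullmatch(value) else None
    return dsid

def openconnect_command(server_url, dsid, cookie_on_stdin=False):
    """Build (argv, stdin_text) for openconnect with the page's --protocol nc.

    With cookie_on_stdin=True the cookie goes through openconnect's
    --cookie-on-stdin option, keeping it out of the process list.
    """
    argv = ["openconnect", "--protocol", "nc"]
    if cookie_on_stdin:
        return argv + ["--cookie-on-stdin", server_url], "DSID=" + dsid + "\n"
    return argv + ["-C", "DSID=" + dsid, server_url], None

def printable(argv):
    """Quote argv so the printed command is safe to paste into a shell."""
    return " ".join(shlex.quote(arg) for arg in argv)

# Constructed sample data: not a real session cookie or server.
SAMPLE_HEADERS = [
    "lastRealm=Users; path=/; secure",
    "DSID=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/",
    "DSID=3f9c0a7e5b1d4c2880aa6e1f9b7d2c41; path=/; secure; HttpOnly",
]

if __name__ == "__main__":
    cookie = extract_dsid(SAMPLE_HEADERS)
    argv, _ = openconnect_command("https://vpn.example.com/saml", cookie)
    print(printable(argv))
```

Passing `argv` as a list to `subprocess` avoids shell parsing entirely; `printable()` is only for displaying the command, as the script itself does.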