linuxauthenticationhttp-redirectsamlopenconnect

openconnect with gp does not prompt for SAML authentication in command line


I am using openconnect --protocol=gp vpn.mysite.com and it says its connecting, but it is waiting for the SAML authentication. The command and authentication works on my debian machine it prompts for a username and password, but trying on my other linux machine it does not seem to want to prompt for authentication. This is the output:

POST https://vpn.mysite.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Connected to 000.000.0.000:443
SSL negotiation with vpn.mysite.com
Connected to HTTPS on vpn.mysite.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
SAML REDIRECT authentication is required via https://sso.mysite.com/idp/profile/SAML2/Redirect/SSO?SAMLRequest=hZHfT4MwEMf%2FFdL3rQUqkGaQ4PbgkhnJij74Yiqcrgm02CvTP1%2B2uThf5uPlvj9yn1ug6rtBlKPfmS18jIA%2B%2BOo7g%2BK4yMnojLAKNQqjekDhGyHL%2B42I5kwMznrb2I4EJSI4r61ZWoNjD06C2%2BsGHrebnOy8H1BQuh%2FMHD7HObSj4Dymh5yIUVnRcilJsJq6tVGHlF8Poj17qG4HOlW%2B6Q5OXrqFVjtoPJXygQTrVU5eEgYsTrIsbXmbKp5BCkmTMh6GjMccokmGOMLaoFfG5yRiUThjNzOW1WEqokRE8TMJqp%2FLbrVptXm%2FjuH1JEJxV9fVrHqQNQmewOHxkElAisUBpjgWuwu812PVmSkp%2FiW4oBcNxWn6%2B9XiGw%3D%3D&RelayState=FWwGAOXiGV83OGI5MGJmMTExNzY1NDZmMjc0YTdlN2MzNGJiZmRkYw%3D%3D
When SAML authentication is complete, specify destination form field by appending :field_name to login URL.
Failed to parse server response
Failed to obtain WebVPN cookie

the openconnect version I am using is

OpenConnect version v8.10
Using GnuTLS 3.7.1. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse

Thank you for any assistance.


Solution

  • solved by adding --usergroup=gateway to the command

    so the total command that works is

    sudo openconnect --protocol=gp --usergroup=gateway vpn.mysite.com