Several improvements for gp-okta.py #19

Merged
merged 30 commits into from
May 21, 2020
Commits
58c1d37
Add option for second round of Okta authentication
aclindsa Sep 10, 2018
5f24bc5
Pass prelogin-cookie if portal-userauthcookie is empty
aclindsa Sep 11, 2018
2952732
Implement config option `cert` to use a client certificate.
Jun 4, 2019
3d4ebf7
Implement double authn login (via stateToken) needed for some corpora…
Jun 4, 2019
0c19050
Fix: inconsistent spacing (tabs<->spaces)
Jun 6, 2019
fab69fe
Set certificate automatically also in openconnect call, if one is set…
Jun 7, 2019
412560e
- Add ssl cert verification for vpn and okta side, if configured
coldcoff Jun 11, 2019
15c5734
- flush openconnect_certs file in between and finally close before g…
coldcoff Jun 12, 2019
d14109d
do not close file, flush is enough for now - otherwise it might get d…
coldcoff Jun 12, 2019
92a167d
Use stderr for error messages.
coldcoff Jun 13, 2019
59af2ac
Shorten imports
coldcoff Jun 13, 2019
d6a3863
Add the committing people all to the copyright notice
coldcoff Jun 13, 2019
ceeaebb
Do the "another_dance" at the desired gateway to obtain a cookie that…
coldcoff Jun 13, 2019
9ee875b
Some portals seem not to return root-ca entries, detect that and just…
coldcoff Jun 14, 2019
54145a7
Bugfix: guard case when error msg is not returned
coldcoff Jul 3, 2019
f0c785f
Bugfix: use unicode literals also on python2, this avoids errors with…
coldcoff Jul 3, 2019
c4e7498
Feature: Allow Yubikey `webauthn` authentication, if configured as 2F…
coldcoff Jul 7, 2019
536a88f
Bugfix: formatting of error message when send_req() fails
coldcoff Sep 3, 2019
c9944a1
No functional changes, just document (commented out) more potential p…
coldcoff Sep 3, 2019
fce587a
Treat "Symantec VIP Access" as TOTP
dlenski May 30, 2019
76a895d
Merge pull request #2 from dlenski/Symantec_VIPAccess_is_TOTP
coldcoff Jan 30, 2020
8f628a9
make the error message more verbose in case a SAML request is missing…
coldcoff Apr 14, 2020
fa5e58f
allow to dance only with some concrete gateway when SAML is disabled …
coldcoff Apr 14, 2020
748749e
trim trailing whitespace
coldcoff Apr 14, 2020
3946d55
Add some good ideas from @limitz404
coldcoff Apr 15, 2020
7d478c0
Implement '--show-list-of-gateways' option to display the list of gat…
coldcoff Apr 16, 2020
a4db983
remove strange hex chars in docstring (probably an artifact from copy…
coldcoff Apr 16, 2020
0aa34dc
fix 'gateway used before assignment' error (code review by @cardonator)
coldcoff May 8, 2020
d9c3b21
merge PR https://github.com/arthepsy/pan-globalprotect-okta/pull/14 f…
coldcoff May 8, 2020
7fbaeee
support 'push' also in `mfa_priority`
coldcoff May 8, 2020
18 changes: 15 additions & 3 deletions gp-okta.conf
@@ -1,15 +1,27 @@
debug = 0

vpn_url = https://vpn.example.com
#vpn_url_cert = vpn_url.cert

okta_url = https://example.okta.com
#okta_url_cert = okta_url.cert

username = myuser
password = mypass
#client_cert = path-to-myusers-client-cert-as-unencrypted-pem-file.pem

# mfa_order = totp sms
sms.okta = 0
totp.okta = ABCDEFGHIJKLMNOP
totp.google = ABCDEFGHIJKLMNOP
gateway = Manual ny1-gw.example.com
#totp.okta = ABCDEFGHIJKLMNOP
#totp.google = ABCDEFGHIJKLMNOP
#totp.symantec = ABCDEFGHIJKLMNOP

gateway = Manual ny1-gw.example.com # optional hardcoded gateway

#openconnect_cmd = sudo openconnect
#openconnect_certs = path-to-a-writeable-filename-in-which-the-script-will-collect-all-involved-server-certs-if-not-set-a-temp-file-is-used-instead
openconnect_args = # optional arguments to openconnect
execute = 0 # execute openconnect command
another_dance = 0 # second round of authentication required
bug.nl = 0 # newline work-around for openconnect
bug.username = 0 # username work-around for openconnect
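Review bot: The new `#vpn_url_cert = vpn_url.cert` and `#okta_url_cert = okta_url.cert` lines ship commented out with no note on what happens when they stay unset, so a user copying this sample cannot tell whether server certificates are then checked against the system trust store or not checked at all. Please add a trailing comment on each stating the default, in the same style as the `# optional ...` comments further down. Related point on `#client_cert`: the placeholder says the key is an unencrypted PEM, and it sits next to `password = mypass` and the `totp.*` seeds, so a one-line comment recommending owner-only permissions on both this file and the PEM would be worth having in the sample. Smaller style point: `#openconnect_certs` packs its documentation into the placeholder value itself; a short placeholder path plus a trailing comment (writable file, temp file used if unset) would read better and match the other options.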