{"id":19882327,"url":"https://github.com/arthepsy/pan-globalprotect-okta","last_synced_at":"2025-05-02T14:32:00.345Z","repository":{"id":42461817,"uuid":"128777940","full_name":"arthepsy/pan-globalprotect-okta","owner":"arthepsy","description":"PaloAlto Networks GlobalProtect VPN (integrated with OKTA) command-line client","archived":false,"fork":false,"pushed_at":"2023-11-15T14:23:25.000Z","size":147,"stargazers_count":96,"open_issues_count":16,"forks_count":42,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-04-16T10:56:30.710Z","etag":null,"topics":["globalprotect","okta","openconnect","paloalto","paloaltonetworks","sms","totp","vpn"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arthepsy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-09T13:39:59.000Z","updated_at":"2024-03-29T18:10:51.000Z","dependencies_parsed_at":"2023-02-10T18:46:06.763Z","dependency_job_id":null,"html_url":"https://github.com/arthepsy/pan-globalprotect-okta","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fpan-globalprotect-okta","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fpan-globalprotect-okta/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fpan-globalprotect-okta/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fpan-globalprotect-okta/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arthepsy","download_url":"https://codeload.github.com/arthepsy/pan-globalprotect-okta/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224315107,"owners_count":17290992,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["globalprotect","okta","openconnect","paloalto","paloaltonetworks","sms","totp","vpn"],"created_at":"2024-11-12T17:17:06.266Z","updated_at":"2024-11-12T17:17:06.782Z","avatar_url":"https://github.com/arthepsy.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pan-globalprotect-okta\n\nCommand-line client for PaloAlto Networks' GlobalProtect VPN, integrated with OKTA.\nThis utility will do the _authentication dance_ with OKTA to retrieve cookie,\nwhich will be passed to [OpenConnect](https://github.com/openconnect/openconnect)\nfor creating actual VPN connection. Compatible with Python 2 and 3. Tested on\nFreeBSD, Linux and MacOS X. Tested with OpenConnect 8.00 - 8.10.\n\nIt also supports multiple second factor authentication implementations like Google, OKTA, YubiKey, SMS, etc.\nTOPT authentication can work without user interaction, if initial secret is provided. \nOtherwise, it will ask for generated code.\n\nTo gather TOTP secret, there are two possibilities - either scan the provided QR\ncode with _normal_ QR code scanner and write down the secret. Or create backup\nfrom current OTP application in phone. Some applications have this feature, but\nsome don't. For example, andOTP on Android do support this feature.\n\n## usage\nThis utility depends on [requests](http://www.python-requests.org/) and [lxml](https://lxml.de/)\nPython libraries. If TOTP secret is being used, then [pyotp](https://github.com/pyotp/pyotp)\nis also required. For YubiKey, [fido2](https://github.com/Yubico/python-fido2) is required.\n\n```\n   ./gp-okta.py gp-okta.conf\n```\n\n## docker\n\nBuild Docker image before running container:\n```\ndocker build -t gp-okta .\n```\n\nEdit gp-okta.conf and launch Docker container:\n```\nsh run-docker.sh\n```\n\n## configuration\n\nConfiguration file should be self-explanatory. Options can be overridden with\n`GP_` prefixed respective environment variables, e.g., `GP_PASSWORD` will\noverride `password` option in configuration file.\n\n## changelog\n### v1.00 (2020-05-xx)\n- new MFA: push, Symantec, WebAuthN/YubiKey\n- GnuGP config encryption\n- direct gateway authentication\n- second authentication dance\n- use client certificates\n- verify server certificates\n- type checking\n\n### v0.99 (2019-02-14)\n- supported MFA: OKTA, Google, SMS\n- interactive and hard-coded MFA\n- configurable gateway choice\n- Python2 and Python3 support\n- Dockerfile example\n- workarounds for known issues\n\n## known issues\n\nIf `openconnect` returns with `ioctl` or `fgets (stdin): Resource temporarily unavailable`\nerror, then this `openconnect` version requires different `openconnect_fmt` than detected\nor manually specified. Run `openconnect` manually and paste line-by-line required options\nto figure out required `openconnect_fmt`. Also, please, open an issue and report it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farthepsy%2Fpan-globalprotect-okta","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farthepsy%2Fpan-globalprotect-okta","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farthepsy%2Fpan-globalprotect-okta/lists"}