{"id":13725286,"url":"https://github.com/vlaci/openconnect-sso","last_synced_at":"2026-02-21T06:32:59.987Z","repository":{"id":38019829,"uuid":"207281236","full_name":"vlaci/openconnect-sso","owner":"vlaci","description":"Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs","archived":false,"fork":false,"pushed_at":"2024-08-20T12:01:14.000Z","size":322,"stargazers_count":359,"open_issues_count":104,"forks_count":165,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-11-10T04:27:15.292Z","etag":null,"topics":["openconnect"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vlaci.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-09T10:12:18.000Z","updated_at":"2025-11-08T14:58:47.000Z","dependencies_parsed_at":"2024-06-20T21:57:03.090Z","dependency_job_id":"911c21fc-d702-44af-9a88-93f9c06b23a9","html_url":"https://github.com/vlaci/openconnect-sso","commit_stats":{"total_commits":206,"total_committers":31,"mean_commits":6.645161290322581,"dds":"0.36407766990291257","last_synced_commit":"94128073ef49acb3bad84a2ae19fdef926ab7bdf"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/vlaci/openconnect-sso","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vlaci%2Fopenconnect-sso","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vlaci%2Fopenconnect-sso/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vlaci%2Fopenconnect-sso/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vlaci%2Fopenconnect-sso/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vlaci","download_url":"https://codeload.github.com/vlaci/openconnect-sso/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vlaci%2Fopenconnect-sso/sbom","scorecard":{"id":925110,"data":{"date":"2025-08-11","repo":{"name":"github.com/vlaci/openconnect-sso","commit":"94128073ef49acb3bad84a2ae19fdef926ab7bdf"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Code-Review","score":4,"reason":"Found 8/20 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codingstyle.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codingstyle.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/codingstyle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codingstyle.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/codingstyle.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codingstyle.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/codingstyle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/vlaci/openconnect-sso/test.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:67","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.8.0 not signed: https://api.github.com/repos/vlaci/openconnect-sso/releases/54500731","Warn: release artifact v0.7.3 not signed: https://api.github.com/repos/vlaci/openconnect-sso/releases/41473352","Warn: release artifact v0.7.2 not signed: https://api.github.com/repos/vlaci/openconnect-sso/releases/40716686","Warn: release artifact v0.7.0 not signed: https://api.github.com/repos/vlaci/openconnect-sso/releases/39078753","Warn: release artifact v0.8.0 does not have provenance: https://api.github.com/repos/vlaci/openconnect-sso/releases/54500731","Warn: release artifact v0.7.3 does not have provenance: https://api.github.com/repos/vlaci/openconnect-sso/releases/41473352","Warn: release artifact v0.7.2 does not have provenance: https://api.github.com/repos/vlaci/openconnect-sso/releases/40716686","Warn: release artifact v0.7.0 does not have provenance: https://api.github.com/repos/vlaci/openconnect-sso/releases/39078753"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"24 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: PYSEC-2024-225 / GHSA-6vqw-3v5j-54x4","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: GHSA-h4gh-qq45-vh27","Warn: Project is vulnerable to: PYSEC-2023-254 / GHSA-jfhm-5ghh-2f97","Warn: Project is vulnerable to: GHSA-jm77-qphf-c4w8","Warn: Project is vulnerable to: GHSA-v8gr-m533-ghj9","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985","Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j","Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw","Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-25T10:48:38.945Z","repository_id":38019829,"created_at":"2025-08-25T10:48:38.945Z","updated_at":"2025-08-25T10:48:38.945Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29675471,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T06:23:40.028Z","status":"ssl_error","status_checked_at":"2026-02-21T06:23:39.222Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openconnect"],"created_at":"2024-08-03T01:02:18.226Z","updated_at":"2026-02-21T06:32:59.952Z","avatar_url":"https://github.com/vlaci.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# openconnect-sso\n\nWrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication\nto Cisco SSL-VPNs\n\n[![Tests Status\n](https://github.com/vlaci/openconnect-sso/workflows/Tests/badge.svg?branch=master\u0026event=push)](https://github.com/vlaci/openconnect-sso/actions?query=workflow%3ATests+branch%3Amaster+event%3Apush)\n\n## Installation\n\n### Using pip/pipx\n\nA generic way that works on most 'standard' Linux distributions out of the box.\nThe following example shows how to install `openconect-sso` along with its\ndependencies including Qt:\n\n```shell\n$ pip install --user pipx\nSuccessfully installed pipx\n$ pipx install \"openconnect-sso[full]\"\n⣾ installing openconnect-sso\n  installed package openconnect-sso 0.4.0, Python 3.7.5\n  These apps are now globally available\n    - openconnect-sso\n⚠️  Note: '/home/vlaci/.local/bin' is not on your PATH environment variable.\nThese apps will not be globally accessible until your PATH is updated. Run\n`pipx ensurepath` to automatically add it, or manually modify your PATH in your\nshell's config file (i.e. ~/.bashrc).\ndone! ✨ 🌟 ✨\nSuccessfully installed openconnect-sso\n$ pipx ensurepath\nSuccess! Added /home/vlaci/.local/bin to the PATH environment variable.\nConsider adding shell completions for pipx. Run 'pipx completions' for\ninstructions.\n\nYou likely need to open a new terminal or re-login for the changes to take\neffect. ✨ 🌟 ✨\n```\n\nOf course you can also install via `pip` instead of `pipx` if you'd like to\ninstall system-wide or a virtualenv of your choice.\n\n### On Arch Linux\n\nThere is an unofficial package available for Arch Linux on\n[AUR](https://aur.archlinux.org/packages/openconnect-sso/). You can use your\nfavorite AUR helper to install it:\n\n``` shell\nyay -S openconnect-sso\n```\n\n### Using nix\n\nThe easiest method to try is by installing directly:\n\n```shell\n$ nix-env -i -f https://github.com/vlaci/openconnect-sso/archive/master.tar.gz\nunpacking 'https://github.com/vlaci/openconnect-sso/archive/master.tar.gz'...\n[...]\ninstalling 'openconnect-sso-0.4.0'\nthese derivations will be built:\n  /nix/store/2z47740z1rr2cfqfin5lnq04sq3c5xjg-openconnect-sso-0.4.0.drv\n[...]\nbuilding '/nix/store/50q496iqf840wi8b95cfmgn07k6y5b59-user-environment.drv'...\ncreated 606 symlinks in user environment\n$ openconnect-sso\n```\n\nAn overlay is also available to use in nix expressions:\n\n``` nix\nlet\n  openconnectOverlay = import \"${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix\";\n  pkgs = import \u003cnixpkgs\u003e { overlays = [ openconnectOverlay ]; };\nin\n  #  pkgs.openconnect-sso is available in this context\n```\n\n... or to use in `configuration.nix`:\n\n``` nix\n{ config, ... }:\n\n{\n  nixpkgs.overlays = [\n    (import \"${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix\")\n  ];\n}\n```\n\n### Windows *(EXPERIMENTAL)*\n\nInstall with [pip/pipx](#using-pippipx) and be sure that you have `sudo` and `openconnect`\nexecutable commands in your PATH.\n\n## Usage\n\nIf you want to save credentials and get them automatically\ninjected in the web browser:\n\n```shell\n$ openconnect-sso --server vpn.server.com/group --user user@domain.com\nPassword (user@domain.com):\n[info     ] Authenticating to VPN endpoint ...\n```\n\nUser credentials are automatically saved to the users login keyring (if\navailable).\n\nIf you already have Cisco AnyConnect set-up, then `--server` argument is\noptional. Also, the last used `--server` address is saved between sessions so\nthere is no need to always type in the same arguments:\n\n```shell\n$ openconnect-sso\n[info     ] Authenticating to VPN endpoint ...\n```\n\nConfiguration is saved in `$XDG_CONFIG_HOME/openconnect-sso/config.toml`. On\ntypical Linux installations it is located under\n`$HOME/.config/openconnect-sso/config.toml`\n\nFor CISCO-VPN and TOTP the following seems to work by tuning the config.toml\nand removing the default \"submit\"-action to the following:\n\n```\n[[auto_fill_rules.\"https://*\"]]\nselector = \"input[data-report-event=Signin_Submit]\"\naction = \"click\"\n\n[[auto_fill_rules.\"https://*\"]]\nselector = \"input[type=tel]\"\nfill = \"totp\"\n```\n\n### Adding custom `openconnect` arguments\n\nSometimes you need to add custom `openconnect` arguments. One situation can be if you get similar error messages:\n\n```shell\nFailed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).\nFailed to recv DPD request (-5)\n```\n\nor:\n\n```shell\nDetected MTU of 1370 bytes (was 1406)\n```\n\nGenerally, you can add `openconnect` arguments after the `--` separator. This is called _\"positional arguments\"_. The\nsolution of the previous errors is setting `--base-mtu` e.g.:\n\n```shell\nopenconnect-sso --server vpn.server.com/group --user user@domain.com -- --base-mtu=1370\n#                                                          separator ^^|^^^^^^^^^^^^^^^ openconnect args\n```\n\n## Development\n\n`openconnect-sso` is developed using [Nix](https://nixos.org/nix/). Refer to the\n[Quick Start section of the Nix\nmanual](https://nixos.org/nix/manual/#chap-quick-start) to see how to get it\ninstalled on your machine.\n\nTo get dropped into a development environment, just type `nix-shell`:\n\n```shell\n$ nix-shell\nSourcing python-catch-conflicts-hook.sh\nSourcing python-remove-bin-bytecode-hook.sh\nSourcing pip-build-hook\nUsing pipBuildPhase\nSourcing pip-install-hook\nUsing pipInstallPhase\nSourcing python-imports-check-hook.sh\nUsing pythonImportsCheckPhase\nRun 'make help' for available commands\n\n[nix-shell]$\n```\n\nTo try an installed version of the package, issue `nix-build`:\n\n```shell\n$ nix build\n[1 built, 0.0 MiB DL]\n\n$ result/bin/openconnect-sso --help\n```\n\nAlternatively you may just [get Poetry](https://python-poetry.org/docs/) and\nstart developing by using the included `Makefile`. Type `make help` to see the\npossible make targets.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvlaci%2Fopenconnect-sso","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvlaci%2Fopenconnect-sso","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvlaci%2Fopenconnect-sso/lists"}