Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vlaci/openconnect-sso
Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
https://github.com/vlaci/openconnect-sso
openconnect
Last synced: 6 days ago
JSON representation
Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
- Host: GitHub
- URL: https://github.com/vlaci/openconnect-sso
- Owner: vlaci
- License: gpl-3.0
- Created: 2019-09-09T10:12:18.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-04-01T00:50:52.000Z (8 months ago)
- Last Synced: 2024-04-29T00:17:18.180Z (7 months ago)
- Topics: openconnect
- Language: Python
- Homepage:
- Size: 314 KB
- Stars: 263
- Watchers: 11
- Forks: 112
- Open Issues: 81
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# openconnect-sso
Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication
to Cisco SSL-VPNs
[](https://github.com/vlaci/openconnect-sso/actions?query=workflow%3ATests+branch%3Amaster+event%3Apush)
## Installation
### Using pip/pipx
A generic way that works on most 'standard' Linux distributions out of the box.
The following example shows how to install `openconect-sso` along with its
dependencies including Qt:
```shell
$ pip install --user pipx
Successfully installed pipx
$ pipx install "openconnect-sso[full]"
⣾ installing openconnect-sso
installed package openconnect-sso 0.4.0, Python 3.7.5
These apps are now globally available
- openconnect-sso
⚠️ Note: '/home/vlaci/.local/bin' is not on your PATH environment variable.
These apps will not be globally accessible until your PATH is updated. Run
`pipx ensurepath` to automatically add it, or manually modify your PATH in your
shell's config file (i.e. ~/.bashrc).
done! ✨ 🌟 ✨
Successfully installed openconnect-sso
$ pipx ensurepath
Success! Added /home/vlaci/.local/bin to the PATH environment variable.
Consider adding shell completions for pipx. Run 'pipx completions' for
instructions.
You likely need to open a new terminal or re-login for the changes to take
effect. ✨ 🌟 ✨
```
Of course you can also install via `pip` instead of `pipx` if you'd like to
install system-wide or a virtualenv of your choice.
### On Arch Linux
There is an unofficial package available for Arch Linux on
[AUR](https://aur.archlinux.org/packages/openconnect-sso/). You can use your
favorite AUR helper to install it:
``` shell
yay -S openconnect-sso
```
### Using nix
The easiest method to try is by installing directly:
```shell
$ nix-env -i -f https://github.com/vlaci/openconnect-sso/archive/master.tar.gz
unpacking 'https://github.com/vlaci/openconnect-sso/archive/master.tar.gz'...
[...]
installing 'openconnect-sso-0.4.0'
these derivations will be built:
/nix/store/2z47740z1rr2cfqfin5lnq04sq3c5xjg-openconnect-sso-0.4.0.drv
[...]
building '/nix/store/50q496iqf840wi8b95cfmgn07k6y5b59-user-environment.drv'...
created 606 symlinks in user environment
$ openconnect-sso
```
An overlay is also available to use in nix expressions:
``` nix
let
openconnectOverlay = import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix";
pkgs = import { overlays = [ openconnectOverlay ]; };
in
# pkgs.openconnect-sso is available in this context
```
... or to use in `configuration.nix`:
``` nix
{ config, ... }:
{
nixpkgs.overlays = [
(import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix")
];
}
```
### Windows *(EXPERIMENTAL)*
Install with [pip/pipx](#using-pippipx) and be sure that you have `sudo` and `openconnect`
executable commands in your PATH.
## Usage
If you want to save credentials and get them automatically
injected in the web browser:
```shell
$ openconnect-sso --server vpn.server.com/group --user [email protected]
Password ([email protected]):
[info ] Authenticating to VPN endpoint ...
```
User credentials are automatically saved to the users login keyring (if
available).
If you already have Cisco AnyConnect set-up, then `--server` argument is
optional. Also, the last used `--server` address is saved between sessions so
there is no need to always type in the same arguments:
```shell
$ openconnect-sso
[info ] Authenticating to VPN endpoint ...
```
Configuration is saved in `$XDG_CONFIG_HOME/openconnect-sso/config.toml`. On
typical Linux installations it is located under
`$HOME/.config/openconnect-sso/config.toml`
For CISCO-VPN and TOTP the following seems to work by tuning the config.toml
and removing the default "submit"-action to the following:
```
[[auto_fill_rules."https://*"]]
selector = "input[data-report-event=Signin_Submit]"
action = "click"
[[auto_fill_rules."https://*"]]
selector = "input[type=tel]"
fill = "totp"
```
### Adding custom `openconnect` arguments
Sometimes you need to add custom `openconnect` arguments. One situation can be if you get similar error messages:
```shell
Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to recv DPD request (-5)
```
or:
```shell
Detected MTU of 1370 bytes (was 1406)
```
Generally, you can add `openconnect` arguments after the `--` separator. This is called _"positional arguments"_. The
solution of the previous errors is setting `--base-mtu` e.g.:
```shell
openconnect-sso --server vpn.server.com/group --user [email protected] -- --base-mtu=1370
# separator ^^|^^^^^^^^^^^^^^^ openconnect args
```
## Development
`openconnect-sso` is developed using [Nix](https://nixos.org/nix/). Refer to the
[Quick Start section of the Nix
manual](https://nixos.org/nix/manual/#chap-quick-start) to see how to get it
installed on your machine.
To get dropped into a development environment, just type `nix-shell`:
```shell
$ nix-shell
Sourcing python-catch-conflicts-hook.sh
Sourcing python-remove-bin-bytecode-hook.sh
Sourcing pip-build-hook
Using pipBuildPhase
Sourcing pip-install-hook
Using pipInstallPhase
Sourcing python-imports-check-hook.sh
Using pythonImportsCheckPhase
Run 'make help' for available commands
[nix-shell]$
```
To try an installed version of the package, issue `nix-build`:
```shell
$ nix build
[1 built, 0.0 MiB DL]
$ result/bin/openconnect-sso --help
```
Alternatively you may just [get Poetry](https://python-poetry.org/docs/) and
start developing by using the included `Makefile`. Type `make help` to see the
possible make targets.