Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
A generic way that works on most 'standard' Linux distributions out of the box.
The following example shows how to install openconnect-sso along with its dependencies including Qt:
$ pip install --user pipx
Successfully installed pipx
$ pipx install "openconnect-sso[full]"
⣾ installing openconnect-sso
installed package openconnect-sso 0.4.0, Python 3.7.5
These apps are now globally available
- openconnect-sso
⚠️ Note: '/home/vlaci/.local/bin' is not on your PATH environment variable.
These apps will not be globally accessible until your PATH is updated. Run
`pipx ensurepath` to automatically add it, or manually modify your PATH in your
shell's config file (i.e. ~/.bashrc).
done! ✨ 🌟 ✨
Successfully installed openconnect-sso
$ pipx ensurepath
Success! Added /home/vlaci/.local/bin to the PATH environment variable.
Consider adding shell completions for pipx. Run 'pipx completions' for
instructions.
You likely need to open a new terminal or re-login for the changes to take
effect. ✨ 🌟 ✨
Of course you can also install via pip instead of pipx if you'd like to install system-wide or into a virtualenv of your choice.
There is an unofficial package available for Arch Linux on AUR. You can use your favorite AUR helper to install it:
yay -S openconnect-sso
The easiest method to try is by installing directly:
$ nix-env -i -f https://github.com/vlaci/openconnect-sso/archive/master.tar.gz
unpacking 'https://github.com/vlaci/openconnect-sso/archive/master.tar.gz'...
[...]
installing 'openconnect-sso-0.4.0'
these derivations will be built:
/nix/store/2z47740z1rr2cfqfin5lnq04sq3c5xjg-openconnect-sso-0.4.0.drv
[...]
building '/nix/store/50q496iqf840wi8b95cfmgn07k6y5b59-user-environment.drv'...
created 606 symlinks in user environment
$ openconnect-sso
An overlay is also available to use in nix expressions:
let
openconnectOverlay = import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix";
pkgs = import <nixpkgs> { overlays = [ openconnectOverlay ]; };
in
# pkgs.openconnect-sso is available in this context
... or to use in configuration.nix:
{ config, ... }:
{
nixpkgs.overlays = [
(import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix")
];
}
Install with pip/pipx and be sure that you have sudo and openconnect executable commands in your PATH.
If you want to save credentials and get them automatically injected in the web browser:
$ openconnect-sso --server vpn.server.com/group --user user@domain.com
Password (user@domain.com):
[info ] Authenticating to VPN endpoint ...
User credentials are automatically saved to the user's login keyring (if available).
If you already have Cisco AnyConnect set up, then the --server argument is optional. Also, the last used --server address is saved between sessions so there is no need to always type in the same arguments:
$ openconnect-sso
[info ] Authenticating to VPN endpoint ...
Configuration is saved in $XDG_CONFIG_HOME/openconnect-sso/config.toml. On typical Linux installations it is located under $HOME/.config/openconnect-sso/config.toml.
For Cisco VPN with TOTP, the following seems to work: tune config.toml by removing the default "submit" action and using these rules instead:
[[auto_fill_rules."https://*"]]
selector = "input[data-report-event=Signin_Submit]"
action = "click"
[[auto_fill_rules."https://*"]]
selector = "input[type=tel]"
fill = "totp"
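One way to review which credentials a tuned config.toml will inject and on which pages, added here as an example (not code from openconnect-sso). It assumes the rule shape seen in the two rules above (a selector plus either action or fill) and treats a URL pattern whose host part is * as applying on any site; the function names are hypothetical.

```python
"""Review openconnect-sso auto_fill_rules before trusting a tuned config.toml."""
try:
    import tomllib                      # Python 3.11+
except ModuleNotFoundError:             # older interpreters: pip install tomli
    import tomli as tomllib

# Constructed sample: the two rules from the text above.
SAMPLE_CONFIG = '''
[[auto_fill_rules."https://*"]]
selector = "input[data-report-event=Signin_Submit]"
action = "click"

[[auto_fill_rules."https://*"]]
selector = "input[type=tel]"
fill = "totp"
'''


def review_rules(config_text):
    """Return one finding dict per rule: where it applies and what it does."""
    rules_by_url = tomllib.loads(config_text).get("auto_fill_rules", {})
    findings = []
    for url_pattern, rules in rules_by_url.items():
        # Assumption: a host part of "*" means the rule applies on every site.
        host = url_pattern.split("://", 1)[-1].split("/", 1)[0]
        for index, rule in enumerate(rules):
            problems = []
            if "selector" not in rule:
                problems.append("missing selector")
            # Assumption from the rules shown: 'action' or 'fill', never both.
            if ("action" in rule) == ("fill" in rule):
                problems.append("needs exactly one of action/fill")
            findings.append({
                "url_pattern": url_pattern,
                "index": index,
                "selector": rule.get("selector"),
                "fills": rule.get("fill"),      # credential injected, if any
                "action": rule.get("action"),
                "any_host": host == "*",
                "problems": problems,
            })
    return findings


def credential_fills(findings):
    """Rules that inject a stored credential, with the URL pattern they match."""
    return [(f["url_pattern"], f["selector"], f["fills"])
            for f in findings if f["fills"]]


if __name__ == "__main__":
    for finding in review_rules(SAMPLE_CONFIG):
        print(finding)
```

Pass the contents of your own config.toml to review_rules() to list every rule; credential_fills() narrows the result to the rules that type a saved credential into a page.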
openconnect arguments
Sometimes you need to add custom openconnect arguments. One situation can be if you get similar error messages:
Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to recv DPD request (-5)
or:
Detected MTU of 1370 bytes (was 1406)
Generally, you can add openconnect arguments after the -- separator. This is called "positional arguments". The solution of the previous errors is setting --base-mtu e.g.:
openconnect-sso --server vpn.server.com/group --user user@domain.com -- --base-mtu=1370
# separator ^^|^^^^^^^^^^^^^^^ openconnect args
openconnect-sso is developed using Nix. Refer to the Quick Start section of the Nix manual to see how to get it installed on your machine.
To get dropped into a development environment, just type nix-shell:
$ nix-shell
Sourcing python-catch-conflicts-hook.sh
Sourcing python-remove-bin-bytecode-hook.sh
Sourcing pip-build-hook
Using pipBuildPhase
Sourcing pip-install-hook
Using pipInstallPhase
Sourcing python-imports-check-hook.sh
Using pythonImportsCheckPhase
Run 'make help' for available commands
[nix-shell]$
To try an installed version of the package, issue nix-build:
$ nix build
[1 built, 0.0 MiB DL]
$ result/bin/openconnect-sso --help
Alternatively you may just get Poetry and start developing by using the included Makefile. Type make help to see the possible make targets.
We found that openconnect-sso demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.