Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
A generic way that works on most 'standard' Linux distributions out of the box.
The following example shows how to install openconnect-sso along with its
dependencies including Qt:
$ pip install --user pipx
Successfully installed pipx
$ pipx install "openconnect-sso[full]"
⣾ installing openconnect-sso
  installed package openconnect-sso 0.4.0, Python 3.7.5
  These apps are now globally available
    - openconnect-sso
⚠️  Note: '/home/vlaci/.local/bin' is not on your PATH environment variable.
These apps will not be globally accessible until your PATH is updated. Run
`pipx ensurepath` to automatically add it, or manually modify your PATH in your
shell's config file (i.e. ~/.bashrc).
done! ✨ 🌟 ✨
Successfully installed openconnect-sso
$ pipx ensurepath
Success! Added /home/vlaci/.local/bin to the PATH environment variable.
Consider adding shell completions for pipx. Run 'pipx completions' for
instructions.
You likely need to open a new terminal or re-login for the changes to take
effect. ✨ 🌟 ✨

Of course you can also install via pip instead of pipx if you'd like to
install system-wide or into a virtualenv of your choice.
There is an unofficial package available for Arch Linux on AUR. You can use your favorite AUR helper to install it:
yay -S openconnect-sso

The easiest method to try is by installing directly:
$ nix-env -i -f https://github.com/vlaci/openconnect-sso/archive/master.tar.gz
unpacking 'https://github.com/vlaci/openconnect-sso/archive/master.tar.gz'...
[...]
installing 'openconnect-sso-0.4.0'
these derivations will be built:
  /nix/store/2z47740z1rr2cfqfin5lnq04sq3c5xjg-openconnect-sso-0.4.0.drv
[...]
building '/nix/store/50q496iqf840wi8b95cfmgn07k6y5b59-user-environment.drv'...
created 606 symlinks in user environment
$ openconnect-sso

An overlay is also available to use in nix expressions:
let
  openconnectOverlay = import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix";
  pkgs = import <nixpkgs> { overlays = [ openconnectOverlay ]; };
in
  #  pkgs.openconnect-sso is available in this context

... or to use in configuration.nix:
{ config, ... }:
{
  nixpkgs.overlays = [
    (import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix")
  ];
}

Install with pip/pipx and be sure that you have sudo and openconnect
executable commands in your PATH.
If you want to save credentials and get them automatically injected in the web browser:
$ openconnect-sso --server vpn.server.com/group --user [email protected]
Password ([email protected]):
[info     ] Authenticating to VPN endpoint ...

User credentials are automatically saved to the user's login keyring (if available).
If you already have Cisco AnyConnect set up, then the --server argument is
optional. Also, the last used --server address is saved between sessions, so
there is no need to always type in the same arguments:
$ openconnect-sso
[info     ] Authenticating to VPN endpoint ...

Configuration is saved in $XDG_CONFIG_HOME/openconnect-sso/config.toml. On
typical Linux installations it is located under
$HOME/.config/openconnect-sso/config.toml.

For Cisco VPN with TOTP, the following seems to work: edit config.toml and replace the default "submit" action with the following rules:
[[auto_fill_rules."https://*"]]
selector = "input[data-report-event=Signin_Submit]"
action = "click"
[[auto_fill_rules."https://*"]]
selector = "input[type=tel]"
fill = "totp"
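
A check worth running on a config like this one, as an added example that is not part of openconnect-sso: the rule above fills the TOTP code under the pattern "https://*", which is not limited to one host, and the script flags exactly that kind of rule. It assumes the table key is a URL glob that decides where a rule applies and that "password" is also a secret fill value; login.example.com is a constructed placeholder.

```python
"""Lint openconnect-sso auto_fill_rules for secret-filling rules on broad URL patterns."""

# Fill values treated as secrets. "totp" is on the page; "password" is an assumption.
SECRET_FILLS = {"password", "totp"}


def pattern_host(pattern):
    """Host part of a URL glob, e.g. 'https://*' -> '*'."""
    rest = pattern.split("://", 1)[-1]
    return rest.split("/", 1)[0]


def is_broad(pattern):
    """True if the pattern is not https or its host part contains a glob character."""
    scheme = pattern.split("://", 1)[0] if "://" in pattern else ""
    return scheme != "https" or any(ch in pattern_host(pattern) for ch in "*?[")


def audit_auto_fill_rules(config):
    """Return (pattern, selector, fill) for each secret fill under a broad pattern."""
    findings = []
    for pattern, rules in config.get("auto_fill_rules", {}).items():
        for rule in rules:
            if rule.get("fill") in SECRET_FILLS and is_broad(pattern):
                findings.append((pattern, rule.get("selector"), rule["fill"]))
    return findings


def load_config(path):
    """Parse a config.toml from disk (tomllib needs Python 3.11+)."""
    import tomllib
    with open(path, "rb") as fh:
        return tomllib.load(fh)


# Constructed samples: the rules shown above as parsed TOML, and a hypothetical
# variant scoped to one host (login.example.com is a placeholder).
RULES = [
    {"selector": "input[data-report-event=Signin_Submit]", "action": "click"},
    {"selector": "input[type=tel]", "fill": "totp"},
]
SAMPLE_BROAD = {"auto_fill_rules": {"https://*": RULES}}
SAMPLE_SCOPED = {"auto_fill_rules": {"https://login.example.com/*": RULES}}

if __name__ == "__main__":
    for name, cfg in (("broad", SAMPLE_BROAD), ("scoped", SAMPLE_SCOPED)):
        for pattern, selector, fill in audit_auto_fill_rules(cfg):
            print(f"{name}: {fill!r} is filled into {selector!r} on any page matching {pattern!r}")
```
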
Sometimes you need to add custom openconnect arguments. One such situation is when you get error messages like these:
Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to recv DPD request (-5)

or:

Detected MTU of 1370 bytes (was 1406)

Generally, you can add openconnect arguments after the -- separator. This is called "positional arguments". The
solution to the previous errors is setting --base-mtu, e.g.:
openconnect-sso --server vpn.server.com/group --user [email protected] -- --base-mtu=1370
#                                                            separator ^^|^^^^^^^^^^^^^^^ openconnect args

openconnect-sso is developed using Nix. Refer to the Quick Start section of the
Nix manual to see how to get it installed on your machine.
To get dropped into a development environment, just type nix-shell:
$ nix-shell
Sourcing python-catch-conflicts-hook.sh
Sourcing python-remove-bin-bytecode-hook.sh
Sourcing pip-build-hook
Using pipBuildPhase
Sourcing pip-install-hook
Using pipInstallPhase
Sourcing python-imports-check-hook.sh
Using pythonImportsCheckPhase
Run 'make help' for available commands
[nix-shell]$

To try an installed version of the package, issue nix build:
$ nix build
[1 built, 0.0 MiB DL]
$ result/bin/openconnect-sso --help

Alternatively you may just get Poetry and start developing by using the
included Makefile. Type make help to see the possible make targets.