I have a Pulse Secure VPN that is using SAML authentication by Okta. Everything works fine if I use the native Pulse Secure client. I am interested in getting openconnect to work, but by default it does not support any kind of MFA.
I was able to find how SAML works with Palo Altos, for example: the user gets to a web page where they log in, and as part of the response they get a cookie with a specific name. Then there's a specific URL on the Palo Alto where the VPN client connects using that cookie as a password. You can follow the whole process manually, or you can write a script that will handle it for you, but ultimately you can make Palo Alto work with openconnect and SAML.
I can't seem to find anywhere how exactly the interaction between Pulse and SAML happens. I am assuming the process should be similar. Before I start reverse engineering it all with packet captures, I figured I'd ask: maybe somebody knows how it all works and can share their knowledge? It would greatly simplify the process of writing a script to make openconnect work with Pulse Secure.