RFE: spawn from openconnect itself #45

Open
dwmw2 opened this issue May 9, 2022 · 2 comments

dwmw2 commented May 9, 2022

We duplicate a bunch of stuff that openconnect knows about the GP protocol, just as openconnect-sso duplicates a bunch of stuff about the AnyConnect protocol.

Now that the SAML support has been merged into OpenConnect upstream, it would be really nice to make the openconnect CLI capable of spawning a browser in a separate process. For AnyConnect we already have its 'external browser' mode but that's very different as the SAML flow actually terminates with a redirect to http://localhost:29786/... with the token. For the normal SAML flows we actually need a 'browser' that we can monitor and steal cookies from; we can't just launch the system browser (unless we make a nasty plugin and deal with the resulting security concerns).

So... can we make openconnect just spawn a variant of gp-saml-gui or openconnect-sso and get the cookie back from it? We already do something like that with TNCC for the DSPREAUTH cookie; instead of just unhelpfully printing No SSO handler, can we instead spawn something like
$WEBVIEW_SCRIPT --url $SAML_URL --final-url $SAML_FINAL_URL --cookie $SAML_TOKEN_COOKIE
... and then get the answer back from its stdout like we do with TNCC?
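
An added sketch of the parent side of that hand-off (not part of the issue, and not openconnect or gp-saml-gui code): the helper is spawned with an argv list instead of a shell, because the SAML URLs come from the VPN server and are untrusted. The function name, the https-only URL rule, the "cookie value on the last stdout line" contract and the stand-in helper are all assumptions.

```python
import re
import subprocess
import sys

# Assumption: the helper prints the cookie value as the last non-empty stdout line.
COOKIE_VALUE_RE = re.compile(r"[A-Za-z0-9._~+/=-]{1,4096}")
COOKIE_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,128}")
URL_RE = re.compile(r"https://[\x21-\x7e]{1,2048}")  # printable ASCII, no spaces

def run_webview_helper(helper_argv, url, final_url, cookie_name, timeout=300):
    """Spawn the webview helper without a shell and return the cookie it prints."""
    # Server-supplied values are validated before they reach the helper's argv.
    for u in (url, final_url):
        if not URL_RE.fullmatch(u):
            raise ValueError("refusing suspicious URL from server")
    if not COOKIE_NAME_RE.fullmatch(cookie_name):
        raise ValueError("refusing suspicious cookie name from server")
    # One argv element per value: shell metacharacters in a URL stay literal.
    argv = [*helper_argv, "--url", url, "--final-url", final_url,
            "--cookie", cookie_name]
    proc = subprocess.run(argv, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                          text=True, timeout=timeout, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"helper exited with status {proc.returncode}")
    lines = [ln.strip() for ln in proc.stdout.splitlines() if ln.strip()]
    # Never pass unvalidated helper output on to the VPN login request.
    if not lines or not COOKIE_VALUE_RE.fullmatch(lines[-1]):
        raise RuntimeError("helper returned no usable cookie")
    return lines[-1]

# Constructed stand-in for $WEBVIEW_SCRIPT so the sketch runs offline: it accepts
# the three options from the issue and prints a made-up token.
FAKE_HELPER = [sys.executable, "-c",
               "import argparse; p = argparse.ArgumentParser(); "
               "[p.add_argument(o) for o in ('--url', '--final-url', '--cookie')]; "
               "p.parse_args(); print('constructed-token-123')"]

if __name__ == "__main__":
    # Constructed sample values; the $(id) in the query string is never evaluated.
    print(run_webview_helper(FAKE_HELPER, "https://vpn.example/saml?x=$(id)",
                             "https://vpn.example/done", "SAML_TOKEN"))
```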

dwmw2 commented May 9, 2022


dlenski commented May 10, 2022

https://gitlab.com/openconnect/openconnect/-/issues/425

Continuing discussion there, and locking this one to force others to do the same 😎

Repository owner locked as resolved and limited conversation to collaborators May 10, 2022