Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After SAML, stuck at "Connecting" #89

Closed
dmusican opened this issue Sep 9, 2021 · 8 comments
Closed

After SAML, stuck at "Connecting" #89

dmusican opened this issue Sep 9, 2021 · 8 comments

Comments

@dmusican
Copy link

dmusican commented Sep 9, 2021

The SAML authentication seems to work great, but the GUI hangs at "Connecting...". Any thoughts?

2021-09-09 08:20:36.146 INFO  [388769] [main@22] GlobalProtect started, version: v1.3.3                                                                                                                            2021-09-09 08:20:36.314 INFO  [388769] [GPClient::populateGatewayMenu@140] Populating the Switch Gateway menu...                                                                                                   2021-09-09 08:20:38.405 INFO  [388769] [GPClient::populateGatewayMenu@140] Populating the Switch Gateway menu...                                                                                              
2021-09-09 08:20:38.484 INFO  [388769] [GPClient::doConnect@245] Start connecting...                                                                                                                               2021-09-09 08:20:38.484 INFO  [388769] [GPClient::doConnect@261] Start gateway login using the previously saved gateway...
2021-09-09 08:20:38.484 INFO  [388769] [GPClient::gatewayLogin@356] Performing gateway login...
2021-09-09 08:20:38.492 INFO  [388769] [GatewayAuthenticator::authenticate@30] Start gateway authentication...
2021-09-09 08:20:38.493 INFO  [388769] [GatewayAuthenticator::login@42] Trying to login the gateway at https://gateway.xxx.edu/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&comp
uter=mylaptop&ok=Login&direct=yes&clientVer=4100&os-version=Ubuntu 20.04.3 LTS&clientos=Linux&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=
2021-09-09 08:20:38.842 ERROR [388769] [GatewayAuthenticator::onLoginFinished@54] Failed to login the gateway at https://gateway.xxx.edu/ssl-vpn/login.esp, Error transferring https://gateway.xxx.edu/ss
l-vpn/login.esp - server replied: Custom error
2021-09-09 08:20:38.842 INFO  [388769] [GatewayAuthenticator::doAuth@75] Perform the gateway prelogin at https://gateway.xxx.edu/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=
4100&clientos=Linux
2021-09-09 08:20:38.894 INFO  [388769] [GatewayAuthenticator::onPreloginFinished@92] Gateway prelogin succeeded.
2021-09-09 08:20:38.894 INFO  [388769] [PreloginResponse::parse@26] Start parsing the prelogin response...
2021-09-09 08:20:38.895 INFO  [388769] [GatewayAuthenticator::samlAuth@151] Trying to perform SAML login with saml-method POST

DevTools listening on ws://127.0.0.1:12315/devtools/browser/7bb84b48-1d98-4e30-9eda-2ad7e5ac433a
Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
2021-09-09 08:20:39.050 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from data:text/html;charset=UTF-8,%3Chtml%3E%0A%3Cbody%3E%0A%3Cform%20id%3D%22myform%22%20method%3D%22POST%22%20a
ction%3D%22https%3A%2F%2Flogin.xxx.edu%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%22%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22SAMLRequest%22%20value%3D%22PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9
hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vZ2F0ZXdheS5jYXJsZXRvbi5lZHU6NDQzL1NBTUwyMC9TUC9BQ1MiIERlc3RpbmF0aW9uPSJodHRwczovL2xvZ2luLmNhcmxldG9uLmVkdS9pZHAvcHJvZm
lsZS9TQU1MMi9QT1NUL1NTTyIgSUQ9Il9jYTYzYTNhNDMzMGViYzg5MGQ1YmEzMWRmMDNiNTc0ZiIgSXNzdWVJbnN0YW50PSIyMDIxLTA5LTA5VDEzOjIwOjM4WiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUI
iBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL2dhdGV3YXkuY2FybGV0b24uZWR1OjQ0My9TQU1MMjAvU1A8L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3
D%3D%22%20%2F%3E%0A%3Cinput%20type%3D%22hidden%22%20name%3D%22RelayState%22%20value%3D%22yCYBALaNzGAyYTJjYmQwNmJjZGJhMzBiYzBjY2E0MzcwNGQ1M2UzMg%3D%3D%22%20%2F%3E%0A%3C%2Fform%3E%0A%3Cscript%3E%0A%20%20document.g
etElementById%28%27myform%27%29.submit%28%29%3B%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0D%0A
2021-09-09 08:20:39.068 INFO  [388769] [SAMLLoginWindow::onLoadFinished@98] Load finished https://gateway.xxx.edu/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=L
inux
2021-09-09 08:20:39.209 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
2021-09-09 08:20:39.316 INFO  [388769] [SAMLLoginWindow::onLoadFinished@98] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
2021-09-09 08:20:39.389 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
2021-09-09 08:20:39.540 INFO  [388769] [SAMLLoginWindow::onLoadFinished@98] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
2021-09-09 08:20:45.511 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
2021-09-09 08:20:45.854 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://api-8e4f311a.duosecurity.com/frame/web/v1/auth?tx=TX|ZG11c2ljYW50fERJRjhSV0xGVktJVFk1MTZJUEdVfDE2MzE
xOTM5NDU=|e8a50dc42e96b428aae06406bd7e1eb632604a7b&parent=https%3A%2F%2Flogin.xxx.edu%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%3Fexecution%3De1s3&v=2.6
2021-09-09 08:20:45.921 INFO  [388769] [SAMLLoginWindow::onLoadFinished@98] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
2021-09-09 08:20:46.261 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://api-8e4f311a.duosecurity.com/frame/web/v1/auth?tx=TX|ZG11c2ljYW50fERJRjhSV0xGVktJVFk1MTZJUEdVfDE2MzE
xOTM5NDU=|e8a50dc42e96b428aae06406bd7e1eb632604a7b&parent=https%3A%2F%2Flogin.xxx.edu%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%3Fexecution%3De1s3&v=2.6
2021-09-09 08:20:46.534 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
2021-09-09 08:20:46.552 INFO  [388769] [SAMLLoginWindow::onLoadFinished@98] Load finished https://login.xxx.edu/idp/profile/SAML2/POST/SSO?execution=e1s3
2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::onResponseReceived@64] Response received from https://gateway.xxx.edu/SAML20/SP/ACS
2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::onResponseReceived@67] Got username from SAML response headers username
2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::onResponseReceived@72] Got prelogin-cookie from SAML response headers Uq77eKye+4eZn8l3Spi9j+1fTO8LlWbt4YfT+XSG8j6NDnaAWVvB7dRfhpy57+zp
2021-09-09 08:20:46.640 INFO  [388769] [SAMLLoginWindow::onResponseReceived@84] Got the SAML authentication information successfully. username: username, preloginCookie: Uq77eKye+4eZn8l3Spi9j+1fTO8LlWbt4YfT+XSG
8j6NDnaAWVvB7dRfhpy57+zp, userAuthCookie: 
2021-09-09 08:20:46.640 INFO  [388769] [GatewayAuthenticator::onSAMLLoginSuccess@165] SAML login succeeded, got the prelogin-cookie Uq77eKye+4eZn8l3Spi9j+1fTO8LlWbt4YfT+XSG8j6NDnaAWVvB7dRfhpy57+zp
2021-09-09 08:20:46.641 INFO  [388769] [GatewayAuthenticator::login@42] Trying to login the gateway at https://gateway.xxx.edu/ssl-vpn/login.esp with prot=https%3A&server=&inputSrc=&jnlpReady=jnlpReady&pass
wd=&computer=mylaptop&ok=Login&direct=yes&clientVer=4100&os-version=Ubuntu 20.04.3 LTS&clientos=Linux&portal-prelogonuserauthcookie=&ipv6-support=yes&user=username&prelogin-cookie=Uq77eKye%2B4eZn8l3Spi9j%2B1fTO
8LlWbt4YfT%2BXSG8j6NDnaAWVvB7dRfhpy57%2Bzp&portal-userauthcookie=
2021-09-09 08:20:46.658 INFO  [388769] [SAMLLoginWindow::onLoadFinished@98] Load finished https://gateway.xxx.edu/SAML20/SP/ACS
2021-09-09 08:20:47.004 INFO  [388769] [gpclient::helper::parseGatewayResponse@50] Start parsing the gateway response...
2021-09-09 08:20:47.004 INFO  [388769] [gpclient::helper::parseGatewayResponse@51] The gateway response is: <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>22dd
cde9731b6331a26895fe51e860b6</argument><argument>946cffbb40acc185c72e73af0045b02685882718</argument><argument>gateway.xxx.edu-N</argument><argument>username</argument><argument>SAML login.xxx.edu</arg
ument><argument>vsys1</argument><argument>%28empty_domain%29</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument>
<argument>4100</argument><argument></argument><argument></argument><argument></argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp>
2021-09-09 08:20:47.004 INFO  [388769] [GPClient::onGatewaySuccess@373] Gateway login succeeded, got the cookie authcookie=22ddcde9731b6331a26895fe51e860b6&portal=gateway.xxx.edu-N&user=username&domain=%25
28empty_domain%2529&preferred-ip=&computer=mylaptop
@yuezk
Copy link
Owner

yuezk commented Sep 9, 2021

@dmusican What's the version of openconnect?

@dmusican
Copy link
Author

dmusican commented Sep 9, 2021

Here you go...

$ openconnect --version
OpenConnect version v8.05-1
Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse

@yuezk
Copy link
Owner

yuezk commented Sep 13, 2021
edited
Loading

@dmusican what's the location of the openconnect? Is it one of the following:

"/usr/local/bin/openconnect",
"/usr/local/sbin/openconnect",
"/usr/bin/openconnect",
"/usr/sbin/openconnect",
"/opt/bin/openconnect",
"/opt/sbin/openconnect"

...and what's the output of systemctl status gpservice.service?

@dmusican
Copy link
Author

Hopefully this helps --- and is that result from systemctl good or bad?

$ type openconnect
openconnect is /usr/sbin/openconnect

$ systemctl status gpservice.service
Unit gpservice.service could not be found.

@yuezk
Copy link
Owner

yuezk commented Sep 13, 2021

The gpservice is not found, that's the problem. Where did you install the gpclient and gp service?

@dmusican
Copy link
Author

Yikes, I didn't install it. I'm confused: the install instructions don't say anything about gpclient or gp service... and in the README, the prereqs listed are Openconnect v8.x, Qt5, qt5-webengine, qt5-websockets. Are there instructions for this that I've missed? (Thanks for diagnosing this as the root of the problem.)

@yuezk
Copy link
Owner

yuezk commented Sep 13, 2021

The build instructions are below the prereqs. https://github.com/yuezk/GlobalProtect-openconnect#build-from-source-code

I'll improve the instructions to make them less confusing.

@dmusican
Copy link
Author

Perfect, that worked. Thanks so much for the help --- this is all working great. Much appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dmusican @yuezk