[systemsettings] [Bug 480661] New: OpenConnect GlobalProtect VPN connection with SAML no longer works since RC2

Thu, 01 Feb 2024 00:16:54 -0800 

https://bugs.kde.org/show_bug.cgi?id=480661

            Bug ID: 480661
           Summary: OpenConnect GlobalProtect VPN connection with SAML no
                    longer works since RC2
    Classification: Applications
           Product: systemsettings
           Version: unspecified
          Platform: Arch Linux
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: kcm_networkmanagement
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
  Target Milestone: ---

Created attachment 165428
  --> https://bugs.kde.org/attachment.cgi?id=165428&action=edit
screenshot of the VPN connection window the error message

SUMMARY
***
While on RC1, I could successfully connect to a PAN Global Protect VPN.
However, since updating to RC2, it fails with "Failed to parse XML server
response". The GlobalProtect VPN server that I am using has SAML authentication
with Okta. When connecting to the VPN, I can actually go through the Okta step,
and it fails right before selecting the actual gateway (which, again, used to
work on RC1).

***


STEPS TO REPRODUCE
1. Create a VPN connection of type "PAN Global Protect"
2. Connect to it, and go through the SAML / Okta 2FA

OBSERVED RESULT
Observe the "Failed to parse XML server response" error (see attachment).

EXPECTED RESULT
The connection should work.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: Arch Linux with KDE Unstable
(available in About System)
KDE Plasma Version: 5.93.0
KDE Frameworks Version: 5.249.0
Qt Version: 6.7.0

ADDITIONAL INFORMATION

The debug logs end with:

POST https://my-redacted-vpn-server.com/global-protect/getconfig.esp
Got HTTP response: HTTP/1.1 200 OK
Date: Thu, 01 Feb 2024 07:04:02 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 291
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: ... redacted...
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline';
img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (291)
GlobalProtect portal configuration lists no gateway servers.
Failed to parse XML server response
Response was: <?xml version="1.0" encoding="UTF-8" ?>
<policy>
<has-config>no</has-config>
<user-group-loaded>yes</user-group-loaded>
<portal-userauthcookie>empty</portal-userauthcookie>
<portal-prelogonuserauthcookie>empty</portal-prelogonuserauthcookie>
<password-exp-days>0</password-exp-days></policy>

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to