The description of current and desired behavior is a bit sparse, but it seems like the key question is whether/where openconnect stores the kerberos ticket obtained during VPN connection. If it's stored someplace accessible, the rest would just be a matter of getting the different tools plumbed together properly. But if the KfW ticket manager does not show any credentials after the openconnect login, it may be that openconnect is not storing the ticket anywhere, in which case a software change would be needed to openconnect to get it to do so.

-Ben

On Sat, Oct 20, 2018 at 10:09:57PM +0200, chiasa.men wrote:
> I have an openconnect server where I can login with kerberos credentials (the
> vpn server basically also works as proxy to the kdc within said vpn - more
> detailed description: https://access.redhat.com/blogs/766093/posts/1976663)
>
> Now I can connect with a windows machine (using openconnect-gui) with my
> kerberos credentials. Which works.
>
> The next step shall be to use the gained ticket further for webservices within
> that vpn. How can I tell the browser (e.g. Firefox) to use the ticket gained
> by openconnect? Is there any way to achieve this?
>
> I also installed the MIT Kerberos Ticket Manager for Windows. Here
> (https://community.hortonworks.com/content/kbentry/28537/user-authentication-from-windows-workstation-to-hd.html)
> is described that it is possible to use that Manager with firefox in order to
> authenticate to webservices. Although I haven't been able to accomplish that,
> would it be possible to tell MIT Kerberos Ticket Manager to use the Ticket of
> the vpn login?
>
> Is there already a 'usual way' to achieve something like sso via vpn with
> kerberos with windows clients?
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos