Update for SAML (long username/password) support #273
m4dc4p wants to merge 1 commit into OpenVPN:master from
Based on patches found at https://github.com/samm-git/aws-vpn-client, this updates OpenVPN for compatibility with AWS' SAML based authentication.
The repository I linked applies some patches to increase the buffer size used to hold command line arguments, and some others, which ultimately allow openvpn to be used with SAML-based authentication. If the changes seem solid, it seems to make sense to get them into the official release.
Those patches are breaking compatibility with existing OpenVPN servers/clients. There is also no documentation or examples or other indication of how these changes would help with anything. OpenVPN already supports SAML auth, see management-notes.txt and auth pending support.
That's fantastic - thanks for the pointers! I'll dig in. Much appreciated.
@sant123 Yeah, this commit mostly worked for me. What I learned was my vendor is using the "Dynamic Challenge" protocol, and the SAML response is pushed to OpenVPN via the 'password' command in the management interface. To support that, you still need to increase the storage size of the username and password buffer. I've pushed an update with minimal changes needed. See #295.
@sant123 the patch definitively breaks compatibility as it changes some fields from 2 bytes to 4 bytes on the wire protocol without caring about compatibility at all. (e.g. the change from
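The wire-compatibility point in the comment above, as an added example (not code from the PR or from OpenVPN): a reader that only knows a 2-byte big-endian length prefix is handed a field written with a 4-byte prefix. The framing, the NUL-inclusive length and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed framing: big-endian length prefix, then the string with its NUL. */
static size_t put_str16(uint8_t *out, size_t cap, const char *s) /* 2-byte prefix */
{
    size_t n = strlen(s) + 1;
    if (n > 0xFFFF || cap < 2 + n) return 0;   /* 16-bit field caps the length */
    out[0] = (uint8_t)(n >> 8); out[1] = (uint8_t)n;
    memcpy(out + 2, s, n);
    return 2 + n;
}

static size_t put_str32(uint8_t *out, size_t cap, const char *s) /* 4-byte prefix */
{
    size_t n = strlen(s) + 1;
    if (n > 0xFFFFFFFFu || cap < 4 + n) return 0;
    out[0] = (uint8_t)(n >> 24); out[1] = (uint8_t)(n >> 16);
    out[2] = (uint8_t)(n >> 8);  out[3] = (uint8_t)n;
    memcpy(out + 4, s, n);
    return 4 + n;
}

/* Reader that only knows the 2-byte layout; returns bytes consumed or -1. */
static long get_str16(const uint8_t *in, size_t len, char *dst, size_t dstcap)
{
    if (len < 2) return -1;
    size_t n = ((size_t)in[0] << 8) | in[1];
    if (n == 0 || n > len - 2 || n > dstcap) return -1; /* bounds before copy */
    if (in[2 + n - 1] != '\0') return -1;               /* must be terminated */
    memcpy(dst, in + 2, n);
    return (long)(2 + n);
}

/* What the 2-byte reader makes of a field from either writer. */
static long roundtrip(int wide_writer, const char *s, char *dst, size_t dstcap)
{
    uint8_t wire[128];
    size_t w = wide_writer ? put_str32(wire, sizeof wire, s)
                           : put_str16(wire, sizeof wire, s);
    return w ? get_str16(wire, w, dst, dstcap) : -1;
}

int main(void)
{
    char u[64];
    printf("2-byte writer: %ld\n", roundtrip(0, "alice", u, sizeof u));
    printf("4-byte writer: %ld\n", roundtrip(1, "alice", u, sizeof u));
    return 0;
}
```

For a short string the two high bytes of the 4-byte prefix are zero, so the 2-byte reader sees a length of 0 and rejects the field; the same 16-bit prefix is also why the narrow writer refuses strings longer than 65535 bytes.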
Thank you for your contribution
You are welcome to open PRs, but they are used for discussion only. All
patches must eventually go to the openvpn-devel mailing list for review:
Please send your patch using git-send-email. For example, to send your latest commit to the list:
For details, see these Wiki articles: