-
Notifications
You must be signed in to change notification settings - Fork 70
/
gp-saml-gui.8
125 lines (119 loc) · 2.83 KB
/
gp-saml-gui.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
.TH gp-saml-gui 8 2020-12-28 "gp-saml-gui"
.SH NAME
gp-saml-gui \- login to a GlobalProtect VPN that uses SAML authentication
.SH SYNOPSIS
.SY gp-saml-gui
.OP -h
.OP --no-verify
.OP -C COOKIES
.OP -K
.OP -p
.OP -g
.OP -c CERT]
.OP --key KEY
.OP -v
.OP -q
.OP -x
.OP -P
.OP -S
.OP -E
.OP -u
.OP --clientos {Windows,Linux,Mac}
.OP -f EXTRA
.B server
.OP --
.OP openconnect_extra ...
.YS
.SH DESCRIPTION
This is a helper script to allow you to interactively login to a
GlobalProtect VPN that uses SAML authentication, so that you can
subsequently connect with OpenConnect.
Some GlobalProtect VPNs which use SAML authentication are amenable
to automated login, using tools such as
.BR openconnect-gp-okta ,
however interactive login is useful for debugging and is a necessary
alternative for some VPNs.
.SH OPTIONS
.TP
.I Positional arguments
.IP
.B server
Hostname or IP address of GlobalProtect server (portal or gateway)
.IP
.B openconnect_extra
Extra arguments to include in output OpenConnect command-line (these should be preceded by
.B --
so that they are not parsed as gp-saml-gui's own options).
.TP
.I Optional arguments
.IP
.B --h, --help
Show help message and exit
.IP
.B --no-verify
Ignore invalid server certificate
.IP
.B -C, --cookies
Use and store cookies in this file
.IP
.B -K, --no-cookies
Don't use or store cookies at all
.IP
.B -g, --gateway
SAML auth to gateway
.IP
.B -i, --ignore-redirects
Use specified gateway hostname as server, ignoring redirects
.IP
.B -p, --portal
SAML auth to portal (default)
.IP
.B -v, --verbose
Increase verbosity of explanatory output to stderr
.IP
.B -q, --quiet
Reduce verbosity to a minimum
.IP
.B -x, --external
Launch external browser (for debugging)
.IP
.B -P, --pkexec-openconnect
Use PolicyKit (\fBpkexec\fR) to exec openconnect
.IP
.B -S, --sudo-openconnect
Use sudo to exec openconnect
.IP
.B -E, --exec-openconnect
Execute openconnect directly (advanced users)
.IP
.B -f, --field
Extra form field(s) to pass to include in the login query string
(e.g. "-f magic-cookie-value=deadbeef01234567")
.TP
.I Client certificate
.IP
.B -c, --cert
PEM file containing client certificate (and optionally private key)
.IP
.B --key
PEM file containing client private key (if not included in same file
as certificate)
.TP
.I Debugging and advanced options
.IP
.B -u, --uri
Treat server as the complete URI of the SAML entry point, rather
than GlobalProtect server
.IP
.B --clientos {Mac,Linux,Windows}
clientos value to send
.SH SEE ALSO
.BR openconnect (8)
.B openconnect-gp-okta
(https://github.com/zdave/openconnect-gp-okta)
.SH COPYRIGHT
This manual page is Copyright 2020 Luca Falavigna <dktrkranz@debian.org>
and Daniel Lenski <dlenski@gmail.com>.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License, Version 3 or any later
version published by the Free Software Foundation.