Webview for SAML does not allow Duo to use a Yubikey
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager-openconnect (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Thanks a lot for working on the new SAML support for openconnect, I just succeeded to make it work with our cisco anyconnect setup - it is going to make a lot of people happy here. Is there any thing I can do to help get the upstream parts merged - eg confirm it works etc?
For this bug - one thing I hope is simple to resolve is that the webview that is spawned causes Duo MFA to complain it cannot use a Yubikey U2F token because popups are blocked - can popups be unblocked?
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: network-
ProcVersionSign
Uname: Linux 5.15.0-25-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu80
Architecture: amd64
CasperMD5CheckR
CasperVersion: 1.468
CurrentDesktop: ubuntu:GNOME
Date: Tue Apr 12 20:44:56 2022
LiveMediaBuild: Ubuntu 22.04 LTS "Jammy Jellyfish" - Daily amd64 (20220409)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: network-
UpgradeStatus: No upgrade log present (probably fresh install)
Upon more research it seems there is alot more wrong here than the misleading message from Duo.
GTK Webkit completely lacks support for webauthn, so it is pointless to think about anything at the network- manager- openconnect level. This means this will not support security tokens for VPN login.