forked from dlenski/gp-saml-gui
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgp-saml-gui.8
118 lines (112 loc) · 2.66 KB
/
gp-saml-gui.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
.TH gp-saml-gui 8 2020-12-28 "gp-saml-gui"
.SH NAME
gp-saml-gui \- login to a GlobalProtect VPN that uses SAML authentication
.SH SYNOPSIS
.SY gp-saml-gui
.OP -h
.OP --no-verify
.OP -C COOKIES
.OP -K
.OP -p
.OP -g
.OP -c CERT]
.OP --key KEY
.OP -v
.OP -q
.OP -x
.OP -P
.OP -S
.OP -u
.OP --clientos {Windows,Linux,Mac}
.OP -f EXTRA
.B server
.OP --
.OP openconnect_extra ...
.YS
.SH DESCRIPTION
This is a helper script to allow you to interactively login to a
GlobalProtect VPN that uses SAML authentication, so that you can
subsequently connect with OpenConnect.
Some GlobalProtect VPNs which use SAML authentication are amenable
to automated login, using tools such as
.BR openconnect-gp-okta ,
however interactive login is useful for debugging and is a necessary
alternative for some VPNs.
.SH OPTIONS
.TP
.I Positional arguments
.IP
.B server
Hostname or IP address of GlobalProtect server (portal or gateway)
.IP
.B openconnect_extra
Extra arguments to include in output OpenConnect command-line (these should be preceded by
.B --
so that they are not parsed as gp-saml-gui's own options).
.TP
.I Optional arguments
.IP
.B --h, --help
Show help message and exit
.IP
.B --no-verify
Ignore invalid server certificate
.IP
.B -C, --cookies
Use and store cookies in this file
.IP
.B -K, --no-cookies
Don't use or store cookies at all
.IP
.B -g, --gateway
SAML auth to gateway
.IP
.B -p, --portal
SAML auth to portal (default)
.IP
.B -v, --verbose
Increase verbosity of explanatory output to stderr
.IP
.B -q, --quiet
Reduce verbosity to a minimum
.IP
.B -x, --external
Launch external browser (for debugging)
.IP
.B -P, --pkexec-openconnect
Use PolicyKit (\fBpkexec\fR) to exec openconnect
.IP
.B -S, --sudo-openconnect
Use sudo to exec openconnect
.IP
.B -f, --field
Extra form field(s) to pass to include in the login query string
(e.g. "-f magic-cookie-value=deadbeef01234567")
.TP
.I Client certificate
.IP
.B -c, --cert
PEM file containing client certificate (and optionally private key)
.IP
.B --key
PEM file containing client private key (if not included in same file
as certificate)
.TP
.I Debugging and advanced options
.IP
.B -u, --uri
Treat server as the complete URI of the SAML entry point, rather
than GlobalProtect server
.IP
.B --clientos {Mac,Linux,Windows}
clientos value to send
.SH SEE ALSO
.BR openconnect (8)
.B openconnect-gp-okta
(https://github.com/zdave/openconnect-gp-okta)
.SH COPYRIGHT
This manual page is Copyright 2020 Luca Falavigna <[email protected]>
and Daniel Lenski <[email protected]>.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License, Version 3 or any later
version published by the Free Software Foundation.