- Updating dependencies
- Add support for MFA popup dialogs
- Pass cookie in STDIN to hide its value in `ps` output
- Support NixOS 21.11
- More failsafe method to reuse existing authentication sessions, so that entering password/MFA token may not be needed at all. Persisting HTTP cookies was prone to a race condition, which is hopefully mitigated by this change.
- Update dependencies `keyring` and `importlib-metadata` (pull/52)
- Do not fail if keyring is not accessible (issues/45, pull/46)
- Updating dependencies and support `pyxdg 0.27` (pull/49)
- It is now possible to reuse previous authentication sessions, so that entering password/MFA token may not be needed at all.
- Updating `poetry2nix` to fix build on `nixpkgs-unstable` (issues/40, pull/41)
- Relax `structlog`'s version restriction (pull/44)
- Updating dependencies to newer versions

  `python-keyring` is updated to 22.0.1 to fix Arch Linux (AUR) packaging
- Use "modern" style authentication header (pull/37)

  It is inspired by openconnect/mr/75. Without this header recent AnyConnect servers will not send the correct reply redirecting to the authentication page.

- New `--on-disconnect` argument to run shell command when `openconnect` exits (pull/33)

  It is useful for example to restart SSH Control Master connections upon exit.

- Adding `--proxy` argument from OpenConnect (pull/20)

  Authentication honors this argument too

- Experimental Windows support (pull/16)

  `sudo` binary needs to be installed in addition to `openconnect`
- Application no longer crashes when the config file is not readable (pull/33)
- Work around issue with password retrieval from `kwallet` (pull/26)
- Adding `--authgroup` argument from OpenConnect

  Some VPN endpoints require users to post a valid authgroup (in OpenConnect lingua) as part of the `group-access` xml node. Up until now it was only possible to override the authgroup from the configuration or from an AnyConnect XML profile.

- Removed max version constraint from `attrs` and update dependencies. It works with a more recent version after the `convert=` deprecation issues had been resolved for the previous upgrade.
It is now possible to install openconnect-sso using a systemwide
installation of Qt by declaring dependencies to PyQt5 and
PyQtWebEngine optional.
- `--authenticate [json|shell]` command line argument

  Exits after authentication and displays the authentication information needed to initiate a connection. When the `shell` output format is used the output is formatted the same way as `openconnect` formats its output when the same argument is used. When `json` format is used, the same information is displayed in json format.

  Kudos to @rschmied for the original pull request.

- `--version`/`-V` command line argument

  Displays the version of `openconnect-sso`

- `--browser-display-mode [shown|hidden]` command line argument

  If `hidden` is specified the browser login window is not displayed. Keep in mind that in that case there is no way to manually enter credentials so make sure that you can login with saved settings without interacting with the webpage before selecting this option.

- Use the `--authenticate` command line argument instead of `--auth-only`. The latter argument has been removed from this version of `openconnect-sso`.

- As it is now possible to choose between a bundled or preinstalled version of Qt, that means that `PyQt5` is no longer a required dependency. To keep installing `openconnect-sso` with all its dependencies:

  ```shell
  pip install --user --upgrade "openconnect-sso[full]"
  ```

  To use the systemwide installation of `PyQt5` and `PyQtWebEngine` install them via your distribution's package manager:

  ```shell
  apt install python-pyqt5 python3-pyqt5.qtwebengine
  ```

  Then install `openconnect-sso`:

  ```shell
  pip install --user --upgrade openconnect-sso
  ```

- Dependencies updated to newer versions

- The browser window runs its separate process in order to not let `PyQt` pollute the root process and make the core able to still use `asyncio` without any hassle.

  Unfortunately spawning a separate Python instance is not so trivial as it won't inherit all state from the parent process. It makes the application harder to integrate in more exotic deployments such as in `NixOS`.

  End-users should not observe any changes in behavior.
- #8 Show error returned by VPN endpoint when authentication starts
- `--server` command line option only had an effect when `openconnect-sso` is started for the first time. Subsequent executions always loaded the server setting from the saved configuration.
- Support redirection when e.g. VPN endpoint is behind a load-balancer
- Browser window was not shown
- Password was logged in debug mode
- Add a version constraint to `attrs` package because version `19.2.0` removed support for the `convert` constructor argument.
It is strongly suggested to remove the `[auto_fill_rules]` section from
the configuration file or delete the entire file located at
`$XDG_CONFIG_HOME/openconnect-sso/config.toml` (most probably
`~/.config/openconnect-sso/config.toml`). The fix of #4 involves an
update of the auto-fill rules but unfortunately they are persisted when
the application is first started. Removing them from the configuration
forces the updated set of rules to be written in the configuration.
- The embedded browser will now stop and wait for user input when the previously stored credentials are invalid. This is still not the proper solution as saved credentials are not upd