OpenVPN Support Forum

Hello,

we're implementing SSO authentication by using the new 2.5 feature (client pending + WEB_AUTH) but this is not very well documented.
First,: it seems impossible to configure a profile without username and password (username is mandatory when saving the profile), but by definition, there is no login/pass to setup in the client when using SSO, because they'll be provided trough the SSO login form. Any workarround ? (i"'ve seen in the viscosity client an option to disable login/passwd per profile)
then, on the webview itself laaunched by openvpn connect, is there anything to do, when auth process is done, to close the webview and returns to the client UI ? may be trought a window.postMessage handled by openvpn connect ?

thanks
Anthony.

Hey atoy40,

I'm also trying to implement SSO with OpenVPN. Can you share details of your config?
What to do within the web-view is described here:

https://github.com/OpenVPN/openvpn3/blo ... webauth.md

But I did not even manage to open the web-view correctly. I'm sending the WEBAUTH-Response, but so far the client does not open the url.

/Matthias

@mkrauser, are you using a client that support WEBAUTH, like openvpn-connect ?

Anthony.

I've worked on this a few hours or even days, every now and then this is the current state:

This is the relevant line in the server.conf:
The saml-test.php currently just looks like this:
I'm using openvpn-connect on MacOS. The Test-URL is opened in my Browser, but neither appEvent.postMessage(...) nor window.parent.postMessage(...) is working or results in any change whatsoever.

When I try to use internal or hidden mode, the log within openvpn-connect shows the WEB_AUTH response, but does not open the webpage according to the access-logs from my web-server.

If anybody had more success... sharing is caring