2107412 – OpenConnect cannot open browser to complete SAML auth

Bug 2107412 - OpenConnect cannot open browser to complete SAML auth

Summary: OpenConnect cannot open browser to complete SAML auth

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openconnect
Sub Component:
Version:	36
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	David Woodhouse
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-07-14 23:31 UTC by Patrick Lang
Modified:	2022-07-17 01:11 UTC (History)
CC List:	3 users (show)
Fixed In Version:	openconnect-9.01-3.fc36
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-07-17 01:11:16 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	2048406	0	unspecified	CLOSED	Update openconnect	2022-07-14 23:31:08 UTC

Description Patrick Lang 2022-07-14 23:31:09 UTC

Description of problem:


I was just trying out the latest OpenConnect 9.0.1 and corresponding NetworkManager-openconnect update (2048406). That added support for SAML based logins, which is helpful.

I tried it out, and unfortunately I was met with an error:
Failed to spawn external browser for https://(path to my SAML-enabled AnyConnect profile)


If I manually visit that link while the nm-openconnect dialog is up and complete the SAML login, then the browser posts back to OpenConnect's endpoint (localhost:29786), and the VPN connection completes successfully.


This is consistent with a similar issue on Arch described at https://gitlab.com/openconnect/openconnect/-/issues/454 . They pointed to the missing xdg-open support in the build as the culprit.


Version-Release number of selected component (if applicable):
openconnect-9.01-2.fc36 


How reproducible:
Consistent

Steps to Reproduce:
1. Get a VPN connection using SAML-based authentication
2. Create a connection in Gnome-NetworkManager, using the https URL in the Gateway. Select VPN protocol "Cisco AnyConnect or OpenConnect"
3. Leave remaining fields empty
4. Try to connect using network manager. Click "Login"

Actual results:
"Failed to spawn external browser for <omitted private URL>"

Expected results:
I would expect it to open a browser window (via xdg-open) to complete the SAML auth.

Comment 1 Patrick Lang 2022-07-14 23:49:36 UTC

I looked at the build logs: https://kojipkgs.fedoraproject.org//packages/openconnect/9.01/2.fc36/data/logs/x86_64/build.log

and saw that the configure script did not find xdg-open:

 checking for xdg-open... checking for xdg-open... no

Comment 2 Nikos Mavrogiannopoulos 2022-07-15 06:20:42 UTC

Let me try to fix that.

Comment 3 Fedora Update System 2022-07-15 06:30:30 UTC

FEDORA-2022-8eb408a4dc has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-8eb408a4dc

Comment 4 Patrick Lang 2022-07-15 18:16:38 UTC

Thanks! I tested that out and added feedback

Comment 5 Fedora Update System 2022-07-16 01:12:17 UTC

FEDORA-2022-8eb408a4dc has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-8eb408a4dc`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-8eb408a4dc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2022-07-17 01:11:16 UTC

FEDORA-2022-8eb408a4dc has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.