Add extra parameters to prelogin request

GPClient/gatewayauthenticator.cpp

@@ -10,7 +10,7 @@ using namespace gpclient::helper;
 
 GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, const PortalConfigResponse& portalConfig)
     : QObject()
-    , preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp")
+    , preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux")
     , loginUrl("https://" + gateway + "/ssl-vpn/login.esp")
     , portalConfig(portalConfig)
 {
@@ -151,11 +151,16 @@ void GatewayAuthenticator::samlAuth(QString samlMethod, QString samlRequest, QSt
 
 void GatewayAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> &samlResult)
 {
-    PLOGI << "SAML login succeeded, got the prelogin cookie " << samlResult.value("preloginCookie");
+    if (samlResult.contains("preloginCookie")) {
+        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
+    } else {
+        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
+    }
 
     LoginParams params;
     params.setUser(samlResult.value("username"));
     params.setPreloginCookie(samlResult.value("preloginCookie"));
+    params.setUserAuthCookie(samlResult.value("userAuthCookie"));
 
     login(params);
 }

GPClient/portalauthenticator.cpp

@@ -14,7 +14,7 @@ using namespace gpclient::helper;
 
 PortalAuthenticator::PortalAuthenticator(const QString& portal) : QObject()
   , portal(portal)
-  , preloginUrl("https://" + portal + "/global-protect/prelogin.esp")
+  , preloginUrl("https://" + portal + "/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux")
   , configUrl("https://" + portal + "/global-protect/getconfig.esp")
 {
 }
@@ -124,9 +124,13 @@ void PortalAuthenticator::samlAuth()
 
 void PortalAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> samlResult)
 {
-    PLOGI << "SAML login succeeded, got the prelogin cookie " << samlResult.value("preloginCookie");
+    if (samlResult.contains("preloginCookie")) {
+        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
+    } else {
+        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
+    }
 
-    fetchConfig(samlResult.value("username"), "", samlResult.value("preloginCookie"));
+    fetchConfig(samlResult.value("username"), "", samlResult.value("preloginCookie"), samlResult.value("userAuthCookie"));
 }
 
 void PortalAuthenticator::onSAMLLoginFail(const QString msg)
@@ -134,13 +138,14 @@ void PortalAuthenticator::onSAMLLoginFail(const QString msg)
     emitFail(msg);
 }
 
-void PortalAuthenticator::fetchConfig(QString username, QString password, QString preloginCookie)
+void PortalAuthenticator::fetchConfig(QString username, QString password, QString preloginCookie, QString userAuthCookie)
 {
     LoginParams params;
     params.setServer(portal);
     params.setUser(username);
     params.setPassword(password);
     params.setPreloginCookie(preloginCookie);
+    params.setUserAuthCookie(userAuthCookie);
 
     // Save the username and password for future use.
     this->username = username;

GPClient/portalauthenticator.h

@@ -47,7 +47,7 @@ private:
     void tryAutoLogin();
     void normalAuth();
     void samlAuth();
-    void fetchConfig(QString username, QString password, QString preloginCookie = "");
+    void fetchConfig(QString username, QString password, QString preloginCookie = "", QString userAuthCookie = "");
     void emitFail(const QString& msg = "");
 };
 

GPClient/samlloginwindow.cpp

@@ -59,11 +59,19 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
 
     const QString username = headers.value("saml-username").toString();
     const QString preloginCookie = headers.value("prelogin-cookie").toString();
+    const QString userAuthCookie = headers.value("portal-userauthcookie").toString();
 
-    if (!username.isEmpty() && !preloginCookie.isEmpty()) {
+    if (!username.isEmpty()) {
         samlResult.insert("username", username);
+    }
+
+    if (!preloginCookie.isEmpty()) {
         samlResult.insert("preloginCookie", preloginCookie);
     }
+
+    if (!userAuthCookie.isEmpty()) {
+        samlResult.insert("userAuthCookie", userAuthCookie);
+    }
 }
 
 void SAMLLoginWindow::onLoadFinished()
@@ -71,7 +79,8 @@ void SAMLLoginWindow::onLoadFinished()
      LOGI << "Load finished " << this->webView->page()->url().toString();
 
     // Check the SAML result
-    if (!samlResult.value("username").isEmpty() && !samlResult.value("preloginCookie").isEmpty()) {
+    if (samlResult.contains("username")
+            && (samlResult.contains("preloginCookie") || samlResult.contains("userAuthCookie"))) {
         emit success(samlResult);
         accept();
     } else {

README.md

@@ -7,10 +7,10 @@ A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Q
 
 ## Features
 
-- Similar user experience as the offical client in macOS.
+- Similar user experience as the official client in macOS.
 - Supports both SAML and non-SAML authentication modes.
 - Supports automatically selecting the preferred gateway from the multiple gateways.
-- Supports switching gateway manually.
+- Supports switching gateway from the system tray menu manually.
 
 ## Prerequisites