Try to fix saml hang (#14)

* Try to fix saml login hang

* Add more logs

* Add version number

GPClient/gatewayauthenticator.cpp

@@ -10,7 +10,7 @@ using namespace gpclient::helper;
 
 GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, const PortalConfigResponse& portalConfig)
     : QObject()
-    , preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp")
+    , preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux")
     , loginUrl("https://" + gateway + "/ssl-vpn/login.esp")
     , portalConfig(portalConfig)
 {
@@ -151,11 +151,16 @@ void GatewayAuthenticator::samlAuth(QString samlMethod, QString samlRequest, QSt
 
 void GatewayAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> &samlResult)
 {
-    PLOGI << "SAML login succeeded, got the prelogin cookie " << samlResult.value("preloginCookie");
+    if (samlResult.contains("preloginCookie")) {
+        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
+    } else {
+        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
+    }
 
     LoginParams params;
     params.setUser(samlResult.value("username"));
     params.setPreloginCookie(samlResult.value("preloginCookie"));
+    params.setUserAuthCookie(samlResult.value("userAuthCookie"));
 
     login(params);
 }

GPClient/main.cpp

@@ -6,6 +6,8 @@
 #include <plog/Log.h>
 #include <plog/Appenders/ColorConsoleAppender.h>
 
+static const QString version = "v1.2.2";
+
 int main(int argc, char *argv[])
 {
     const QDir path = QStandardPaths::writableLocation(QStandardPaths::GenericCacheLocation) + "/GlobalProtect-openconnect";
@@ -17,6 +19,8 @@ int main(int argc, char *argv[])
     static plog::ColorConsoleAppender<plog::TxtFormatter> consoleAppender;
     plog::init(plog::debug, logFile.toUtf8()).addAppender(&consoleAppender);
 
+    PLOGI << "GlobalProtect started, version: " << version;
+
     QString port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
 
     if (port == "") {

GPClient/portalauthenticator.cpp

@@ -14,7 +14,7 @@ using namespace gpclient::helper;
 
 PortalAuthenticator::PortalAuthenticator(const QString& portal) : QObject()
   , portal(portal)
-  , preloginUrl("https://" + portal + "/global-protect/prelogin.esp")
+  , preloginUrl("https://" + portal + "/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux")
   , configUrl("https://" + portal + "/global-protect/getconfig.esp")
 {
 }
@@ -124,9 +124,13 @@ void PortalAuthenticator::samlAuth()
 
 void PortalAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> samlResult)
 {
-    PLOGI << "SAML login succeeded, got the prelogin cookie " << samlResult.value("preloginCookie");
+    if (samlResult.contains("preloginCookie")) {
+        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
+    } else {
+        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
+    }
 
-    fetchConfig(samlResult.value("username"), "", samlResult.value("preloginCookie"));
+    fetchConfig(samlResult.value("username"), "", samlResult.value("preloginCookie"), samlResult.value("userAuthCookie"));
 }
 
 void PortalAuthenticator::onSAMLLoginFail(const QString msg)
@@ -134,13 +138,14 @@ void PortalAuthenticator::onSAMLLoginFail(const QString msg)
     emitFail(msg);
 }
 
-void PortalAuthenticator::fetchConfig(QString username, QString password, QString preloginCookie)
+void PortalAuthenticator::fetchConfig(QString username, QString password, QString preloginCookie, QString userAuthCookie)
 {
     LoginParams params;
     params.setServer(portal);
     params.setUser(username);
     params.setPassword(password);
     params.setPreloginCookie(preloginCookie);
+    params.setUserAuthCookie(userAuthCookie);
 
     // Save the username and password for future use.
     this->username = username;

GPClient/portalauthenticator.h

@@ -47,7 +47,7 @@ private:
     void tryAutoLogin();
     void normalAuth();
     void samlAuth();
-    void fetchConfig(QString username, QString password, QString preloginCookie = "");
+    void fetchConfig(QString username, QString password, QString preloginCookie = "", QString userAuthCookie = "");
     void emitFail(const QString& msg = "");
 };
 

GPClient/samlloginwindow.cpp

@@ -59,22 +59,41 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
 
     const QString username = headers.value("saml-username").toString();
     const QString preloginCookie = headers.value("prelogin-cookie").toString();
+    const QString userAuthCookie = headers.value("portal-userauthcookie").toString();
 
-    if (!username.isEmpty() && !preloginCookie.isEmpty()) {
+    LOGI << "Response received from " << response.value("url").toString();
+
+    if (!username.isEmpty()) {
+        LOGI << "Got username from SAML response headers " << username;
         samlResult.insert("username", username);
+    }
+
+    if (!preloginCookie.isEmpty()) {
+        LOGI << "Got prelogin-cookie from SAML response headers " << preloginCookie;
         samlResult.insert("preloginCookie", preloginCookie);
     }
-}
 
-void SAMLLoginWindow::onLoadFinished()
+    if (!userAuthCookie.isEmpty()) {
-{
+        LOGI << "Got portal-userauthcookie from SAML response headers " << userAuthCookie;
-     LOGI << "Load finished " << this->webView->page()->url().toString();
+        samlResult.insert("userAuthCookie", userAuthCookie);
+    }
 
     // Check the SAML result
-    if (!samlResult.value("username").isEmpty() && !samlResult.value("preloginCookie").isEmpty()) {
+    if (samlResult.contains("username")
+            && (samlResult.contains("preloginCookie") || samlResult.contains("userAuthCookie"))) {
+        LOGI << "Got the SAML authentication information successfully. "
+             << "username: " << samlResult.value("username")
+             << ", preloginCookie: " << samlResult.value("preloginCookie")
+             << ", userAuthCookie: " << samlResult.value("userAuthCookie");
+
         emit success(samlResult);
         accept();
     } else {
         this->show();
     }
 }
+
+void SAMLLoginWindow::onLoadFinished()
+{
+     LOGI << "Load finished " << this->webView->page()->url().toString();
+}

README.md

@@ -7,10 +7,10 @@ A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Q
 
 ## Features
 
-- Similar user experience as the offical client in macOS.
+- Similar user experience as the official client in macOS.
 - Supports both SAML and non-SAML authentication modes.
 - Supports automatically selecting the preferred gateway from the multiple gateways.
-- Supports switching gateway manually.
+- Supports switching gateway from the system tray menu manually.
 
 ## Prerequisites