439612 – plasma-nm Applet does not prompt for login credentials when connecting to GlobalProtect VPN

Bug 439612 - plasma-nm Applet does not prompt for login credentials when connecting to GlobalProtect VPN

Summary: plasma-nm Applet does not prompt for login credentials when connecting to Glo...

Status:	REPORTED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Networking in general (show other bugs)
Version:	master
Platform:	Arch Linux Linux

Importance:	NOR normal
Target Milestone:	1.0
Assignee:	Jan Grulich

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-07-07 18:54 UTC by mason2371
Modified:	2024-12-23 18:23 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Screenshot of kdialog missing the username and password fields (31.28 KB, image/png) 2021-07-07 18:54 UTC, mason2371	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description mason2371 2021-07-07 18:54:19 UTC

Created attachment 139926 [details]
Screenshot of kdialog missing the username and password fields

SUMMARY

When connecting to a global protect vpn via the plasma-nm applet, the auth dialog appears, but does not have fields for username and password. If the connect button next to the selected gateway is pressed, an error appears stating 'Unexpected 200 result'.

I've done some debugging, and it appears that the problem is that Network Manager (verified with nmcli) does not run the authenticate step of openconnect and just asks for the gateway, certificate, and cookie (the results of an openconnect --authenticate command).

I'm not sure if this would be considered a Network Manager bug, but I think that the plasma applet should account for this to insulate the user from the technical login process, even if network manager and nmcli are not user-friendly.

Note that I am able to connect to the vpn using a script (see ADDITIONAL INFORMATION), so the openconnect system is working. The problem is that the applet (and nmcli) do not perform the intermediate authentication steps that the user shouldn't have to worry about.


STEPS TO REPRODUCE
1. Install plasma-nm 5.21.5-1, networkmanager-openconnect 1.2.7, and networkmanager 1.30.4-3 (these are the current versions in a Manjaro system)
2. Add a vpn connection via the plasma network settings, set to globalprotect
3. Attempt to connect to the new vpn connection

OBSERVED RESULT
The authentication dialog appears with no fields for username and password

EXPECTED RESULT
The authentication dialog should have fields to enter a username and password, to be passed to the command `openconnect --authenticate`, whose output would be passed to network manager

SOFTWARE/OS VERSIONS
Manjaro Linux 5.10.42-1-MANJARO
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
The following script properly connects to the vpn as expected:
#!/usr/bin/env bash
tmp=$(mktemp)
chmod 600 "$tmp"
eval "$(ksshaskpass | openconnect --protocol=gp --authenticate --user=me vpn.domain --passwd-on-stdin)"
cat <<EOF > "$tmp"
vpn.secrets.cookie:$COOKIE
vpn.secrets.gwcert:$FINGERPRINT
vpn.secrets.gateway:$HOST
EOF
nmcli --ask con up connection-name passwd-file "$tmp"
rm "$tmp"

Comment 1 Thiago Macieira 2024-04-05 15:43:28 UTC

Pointing out that this has changed considerably in Plasma 6 because of the update in qtwebengine. I suggest retrying.

Comment 2 Ben Cooksley 2024-12-23 18:23:40 UTC

Bulk transfer as requested in T17796