aprudnev
aprudnev
Actually, it is important. We just created POC of WebAuth and OpenVPN (using Ping Federate as IdP). It works well. But when we try to match IP assigned to the...
Other interesting problem related to logout (as usual, login/connect is way easier vs logout/disconnect). We want to clear session on explicit disconnect - if user disconnected he DISCONNECTED. ideally I...
This is partially true. Our POC uses openvpn-auth-oauth2 plugin. It all works pretty well, but we (still, even as I added 'use user name as common name' option) still do...
It logs username. BUT, it is absolutely critical to link IP assigned by OPENVPN (and session) with user name. One of security requirements is _all access events must be logged,...
Can OpenVPN use mapped attributes from OIDC as user name in it's logs? Of course, if it provides IP and session start/end to the plugin, plugin can log it too...
Good discussion, thanks. One more. maybe last, notice. It can be very useful if openjvpn can use groups or roles, provided by plugins like oauth2 one, to decide on IP...
AS supports saml only, so they can be interested in idc/oauth integration into AS version, too. (SAML is actually terrible protocol, very annoying to configure and support and not easy...
Having more functions outside of core code is, maybe, good idea, as we see the same in K8S, for example. Problem is that information must be available between components. If...