SSO/SAML-based VPNs

Michael Butash michael at butash.net
Wed Sep 18 16:56:29 UTC 2024


Hi all,

I was doing some various digging through lists and finding little, but was
curious about the general project state and stance toward SAML-based VPNs
from various security vendors. There don't seem to be any built-in
methods to handle this in the major VPN plugins or the parents still.

I ask as I've been working mostly with enterprise vendors for a long time,
PAN, Fortinet, the usual names, and most all have SSO-based methods now that
utilize SAML/OAuth functions; none really seem supported aside from some
external projects like openconnect-sso. Currently I'm working on a project
for a customer reviewing various vendors using OpenVPN particularly, but
the desire is to use SAML. Each vendor does support SAML, but with
hacked-in client support for SAML integrations, and only *sometimes* under
Linux. This includes Aviatrix, the Amazon AWS SSLVPN product (no Linux client,
go figure), and OpenVPN themselves for their commercial product.

It seems at this point in modern times all NM plugins for any/all
proprietary/open VPNs probably need to support SAML as a method in
general, but where should this start really, in network-manager base, or in
VPN plugins alone?

Is there *any* general plan or discussion to include SSO/SAML functionality
at all in NM or various plugins for VPN features? We're back to relying on
every vendor for themselves to make SSO work in Linux, and that rather
sucks as most can't keep their clients working for long and are slow to
update/fix.

Thanks in advance!

-mb