SSO/SAML-based VPN's

[David Woodhouse]

On 18 September 2024 18:56:29 CEST, Michael Butash <michael at butash.net> wrote:
>Hi all,
>
>I was doing some various digging through lists and finding little, but was
>curious about the general project state and stance toward SAML-based VPN's
>from various security vendors. There doesn't seem to be any built-in
>methods to handle this in the major VPN plugins or the parents still.
>
>I ask as I've been working mostly with enterprise vendors for a long time,
>pan, fortinet, usual names, and most all have SSO-based methods now that
>utilize saml/oauth function, none really seem supported aside from some
>external projects like openconnect-sso. Currently I'm working on a project
>for a customer reviewing various vendors using OpenVPN particularly, but
>the desire is to use SAML. Each vendor does support SAML, but with a
>hacked-in client support for SAML integrations, and only *sometimes* under
>Linux. This includes Aviatrix, Amazon AWS SSLVPN product (no linux client,
>go figure), and OpenVPN themselves for their commercial product.
>
>It seems at this point in modern times all NM plugins for any/all
>proprietary/open VPN's probably need to support SAML as a method in
>general, but where should this start really, in network-manager base, or in
>VPN plugins alone?
>
>Is there *any* general plan or discussion to include SSO/SAML functionality
>at all in NM or various plugins for VPN features? We're back to relying on
>every vendor for themselves to make SSO work in linux, and that rather
>sucks as most can't keep their clients working for long and slow to
>update/fix.
>
>Thanks in advance!
>
>-mb

Hm? NetworkManager-openconnect supports SAML and I use it daily...

The KDE Plasma5 authenticator GUI is still lacking the functionality, I believe, but that's a separate issue.