SSO Improvements

Suggestions/comments/criticisms are welcome here

lkinley

Posts: 11
Joined: Thu Jan 06, 2022 5:36 am

Post by lkinley » Thu Jan 06, 2022 5:43 am
I am implementing SAML/SSO for our VPNs and have the following suggestions.

1. Use the CA provided for the VPN connection as a valid CA for the SSO login page. We generate our own certificate authorities for everything internal and would like to see the cert warnings absent in the login popup.

2. Update the Viscosity client to 2.5.5+ to support WEB_AUTH in lieu of OPEN_URL.

-Lance

James

Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Jan 11, 2022 1:47 pm
Hi Lance,

Thanks for your feedback!

Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this; however, it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
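
An added example, not part of James's post or Viscosity's own code: a Python check that a distributed configuration actually carries the Web CA described above, in either form, and that an inline block contains the internal CA's SHA-256 fingerprint. The sample certificate bytes and path are constructed placeholders, and writing the command form as a `web-ca <path>` line in the config file is an assumption.

```python
import base64
import hashlib
import re

INLINE_RE = re.compile(r"<web-ca>\s*(.*?)\s*</web-ca>", re.S)
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def find_web_ca(config_text):
    """Return ("inline", pem), ("file", path) or (None, None)."""
    match = INLINE_RE.search(config_text)
    if match:
        return "inline", match.group(1)
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        # Assumption: the command form is a "web-ca <path>" config line.
        if len(parts) == 2 and parts[0] == "web-ca":
            return "file", parts[1].strip('"')
    return None, None

def cert_fingerprints(pem_text):
    """SHA-256 hex digest of each certificate's DER bytes in a PEM bundle."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def pins_expected_ca(config_text, expected_fp):
    """True only if an inline Web CA is present and contains expected_fp."""
    kind, value = find_web_ca(config_text)
    return kind == "inline" and expected_fp.lower() in cert_fingerprints(value)

# Constructed sample data: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_FP = hashlib.sha256(SAMPLE_DER).hexdigest()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----")
SAMPLE_INLINE = "client\ndev tun\n<web-ca>\n" + SAMPLE_PEM + "\n</web-ca>\n"
SAMPLE_FILE = 'client\ndev tun\nweb-ca "/path/to/web-ca.pem"\n'

if __name__ == "__main__":
    print(find_web_ca(SAMPLE_FILE))
    print(pins_expected_ca(SAMPLE_INLINE, SAMPLE_FP))
```

A configuration that uses the file form returns the path only, so the referenced file has to be fingerprinted separately on the machine where it is installed.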