command-line client should fill in any password field with value supplied via --passwd-on-stdin
I previously proposed adding form field hints to suggest which fields should
be populated with username/password values. David Woodhouse was hesitant to
accept this and we settled on matching the form field names by the first
four characters ("user", "pass") as a temporary compromise:
There's at least one specific case where this interferes with the
usage of the command-line client: some GlobalProtect users need to
specify an "alternative secret field" instead of the default "passwd"
field (using `--usergroup :field_name`).
Because this field's name normally doesn't start with "pass", openconnect
won't accept it via `--passwd-on-stdin`:
script_to_do_fancy_GlobalProtect_SAML_login |
openconnect --protocol=gp -u user --passwd-on-stdin --usergroup portal:portal_cookie_field_name globalprotect.company.com
As far as I can tell, there's not actually any good reason why openconnect
should *only* fill in a password-type field with the supplied password
if its name starts with "pass", so we should get rid of that check.
projects / users / dwmw2 / openconnect.git / commit