# POST /remote/logincheck (with username and credential fields)
# No 2FA) Completes the login
# With 2FA) Returns a 2FA challenge
-# POST /remote/logincheck (with username, code, and challenge response fields)
+# POST /remote/logincheck (with username and 2FA response fields)
#
# It does not actually validate the credentials in any way, but attempts to
# verify their consistency from one request to the next, by saving their
return '''<response>{}<ssl-tunnel-url>/ssl-tunnel-connect.sslvpn</ssl-tunnel-url></response>'''.format(addrs)
-# Respond to gateway getconfig request
+# Respond to gateway hipreportcheck request
@app.route('/ssl-vpn/hipreportcheck.esp', methods=('POST',))
@check_form_against_session('user', 'portal', 'domain', 'authcookie', 'computer')
def hipcheck():
# token/2FA form name (can be frmLogin, for 2-password-in-one-form option)]
@app.route('/')
def root():
+ # We don't support the Junos/Pulse protocol (which starts with this request)
+ if request.headers.get('Upgrade') == 'IF-T/TLS 1.0' and request.headers.get('Content-Type') == 'EAP':
+ return abort(501)
+
realms = request.args.get('realms')
roles = request.args.get('roles')
confirm = bool(request.args.get('confirm'))
projects / users / dwmw2 / openconnect.git / commitdiff