it should. There are some things which the regular developers don't have easy access to test,
some help with testing these would be particularly welcome:</p>
<ul>
- <li><b>Testing a PAN GlobalProtect VPN with IPv6 internal addresses.</b><br/>
- We think we know how this works, but we've not been able to test.</li>
<li><b>Various authentication methods for Pulse Secure.</b><br/>
Although it looked sane at first, the Pulse protocol has a lot of horrid
special cases. Aside from the <a href="tncc.html">Host Checker</a> most
<ul>
<li><b><a href="https://www.checkpoint.com/products/endpoint-remote-access-vpn-software-blade/">CheckPoint VPN</a></b><br/>
- This is an IPSec-based VPN with fallback to using the SSL transport. Some discussion of OpenConnect support in this <a href="https://gitlab.com/openconnect/openconnect/issues/13">GitLab ticket</a>. </li>
+ This is an IPSec-based VPN with fallback to using the SSL transport. Some discussion of OpenConnect support in this <a href="https://gitlab.com/openconnect/openconnect/issues/13">GitLab ticket</a>,
+ and working code contributed in <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/207">MR !207</a>.</li>
<li><b>Cisco / Nortel IPSec VPN</b><br/>
These IPSec-based protocols are already supported by <a href="https://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a> to differing extents, but vpnc is no longer actively maintained.
Since OpenConnect now has ESP support, and since some of these protocols also fall back to operating over TCP when UDP and native ESP aren't available, it may make sense to implement them in OpenConnect now.</li>
+ <li><b>External authentication support for multiple protocols.</b><br/>
+ Many VPNs now use SAML or other technologies to hand off the login/authentication
+ process to a <a href="https://en.wikipedia.org/wiki/Single_sign-on">single sign-on</a> (SSO)
+ provider. Okta and Microsoft Azure are well known cloud-based SSO providers.
+ We have numerous <a href="https://gitlab.com/openconnect/openconnect/-/issues?label_name%5B%5D=External+Auth%2FSAML%2FSSO">issues</a> and
+ <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests?label_name[]=External+Auth%2FSAML%2FSSO">merge requests</a> labeled
+ <tt>External Auth/SAML/SSO</tt>. This is an area where there is a large amount of
+ commonal functionality across protocols, but also a large amount of variation in
+ the details, and where we need careful help designing suitable interfaces for
+ the interactions between OpenConnect's core code, VPN protocol-specific authentication code,
+ and external interfaces for authentication (e.g. web browsers or graphical pop-up
+ interfaces).</li>
</ul>
-<p>Suggestions for other protocols which OpenConnect could usefully implement, are also welcome.</p>
+<p>Suggestions for other protocols which OpenConnect could usefully implement are also welcome.</p>
<h2>Other enhancements</h2>
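Review bot: The added "External authentication support for multiple protocols" item has a typo, "commonal functionality", which should read "common functionality". In the same item the two GitLab label links are encoded differently: the issues href uses `label_name%5B%5D=` while the merge requests href uses the raw `label_name[]=`. Please use the percent-encoded form in both so the hrefs are consistent and valid. A smaller style point on the CheckPoint item: the sentence now runs "Some discussion of OpenConnect support in this GitLab ticket, and working code contributed in MR !207." with no verb. "There is some discussion ... and working code was contributed in ..." would read better.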