-
Notifications
You must be signed in to change notification settings - Fork 41
/
gp-okta.conf
53 lines (47 loc) · 1.86 KB
/
gp-okta.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# --- general
#debug = 0
okta_url = https://company.okta.lan
vpn_url = https://vpn.company.lan
# use Okta Identity Engine (enabled by default)
#okta_oie = 1
# "gateway_url" forces authentication with specific gateway.
#gateway_url = https://ny1-gw.my.lan
# "another_dance" (0/1) defines whether to do second authentication, i.e.,
# after authentication with portal, do another authentication with gateway.
#another_dance = 0
username = myuser
password = mypass
# "gateway" is a preferred gateway selection, which portal asks for.
gateway = NEWYORK1-GW
# --- multi-factor authentication
#mfa_order = totp sms push webauthn
#sms.okta = 0
#totp.okta = ABCDEFGHIJKLMNOP
#totp.google = ABCDEFGHIJKLMNOP
#totp.symantec = ABCDEFGHIJKLMNOP
# --- certificates
# any defined "*_cert" is path to readable and unencrypted certificate file.
# "vpn_url_cert" and "okta_url_cert" are used to verify relevant URLs.
# "vpn_cli_cert" and "okta_cli_cert" are used as client certificate.
# any other "*_cert" and "vpn_url_cert" will be added to certs (see below).
#
#okta_url_cert = okta.pem
#okta_cli_cert = okta_cli.pem
#vpn_url_cert = vpn.pem
#vpn_cli_cert = vpn_cli.pem
#
# "certs" is (optional) path to certificate file, which will be overwritten
# and stored with all certificates encountered (in config and portal config).
# by default, "certs" is not specified, so a temporary file will be created.
# it will be used to verify gateways and passed to openconnect executable.
#
#certs = certs.pem
# --- execution
# "execute" (0/1) defines if openconnect (as specified with "openconnect_cmd"
# and "openconnect_args") is executed after OKTA authentication dance.
execute = 0
openconnect_cmd = sudo openconnect
openconnect_args =
# "openconnect_fmt" is manually specified format what to pipe to openconect.
# supports <cookie>, <username>, etc. other characters are provided as-is
#openconnect_fmt = <cookie><cookie>