Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2035411 - NetworkManager-openconnect doesn't support SAML/SSO logins
Summary: NetworkManager-openconnect doesn't support SAML/SSO logins
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openconnect
Version: 37
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-12-24 00:16 UTC by Jeremy Nickurak
Modified: 2023-05-26 01:31 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-19 01:16:49 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Jeremy Nickurak 2021-12-24 00:16:24 UTC
NetworkManager-openconnect doesn't currently support SAML authentication. Any VPNs that require Web-logins like SSO are unusable without extra steps:

There are a few attempts to resolve this:

- A gitlab MR pending matched with debian/ubuntu out-of-tree support, targeting Ubuntu 22.04: https://gitlab.com/openconnect/openconnect/-/merge_requests/299

- Another older MR: https://gitlab.com/openconnect/openconnect/-/merge_requests/75

- There's a 3rd party wrapper script called openconnect-sso: https://github.com/vlaci/openconnect-sso

The first seems most likely to provide short-term good-user-experience support, by way of actual integration with NetworkManager.

Comment 1 Pavel Roskin 2022-02-06 06:32:24 UTC
I was able to compile Fedora 35 packages with the patches from Ubuntu 22.04. Sadly, they made no difference for my setup, which is Pulse Secure with Okta authentication. This package lets me connect https://github.com/utknoxville/openconnect-pulse-gui (proper NetworkManager integration would be much better, obviously).
Anyway, since others can benefit from those patches, I want to share my experience briefly.
Both openconnect and NetworkManager-openconnect need to be patched. NetworkManager-openconnect should require (definitely for build and likely for runtime) the patched openconnect, as it adds new two new functions.
The patch for openconnect needs to be adjusted slightly, as it touches libopenconnect.map.in very close to the place where 0002-Unconditionally-bypass-system-crypto-policy.patch modifies it.
NetworkManager-openconnect needs a new dependency in the specfile: BuildRequires: pkgconfig(webkit2gtk-4.0)
No other patches from the Ubuntu packages are needed to make the Fedora packages compile.

Comment 2 Ben Cotton 2022-02-08 20:13:55 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle.
Changing version to 36.

Comment 3 Eric Work 2022-06-19 03:16:21 UTC
Are there any attempts being made to upstream the Ubuntu patches so Fedora and other distros benefit?

Comment 4 Eric Work 2022-06-19 04:07:03 UTC
From what I'm seeing and hearing from colleagues the changes have been merged upstream. openconnect 9.0.1 (see https://www.infradead.org/openconnect/changelog.html) was built with Koji for fc36, but never released for some reason. That is one of the requirements. There are fixes for NetworkManager-openconnect already merged (https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/merge_requests/26), but not in a released version yet. Not sure how feasible it is to try and extract the required patches or just wait for the next release.

Comment 5 Nikos Mavrogiannopoulos 2022-07-23 16:02:45 UTC
The current F36 should contain the necessary changes. Please reopen if not.

Comment 6 Jeremy Nickurak 2022-07-25 04:01:44 UTC
If I'm not mistaken, the required changes to NetworkManager-openconnect are not in F36 currently.

Those are merged into upstream mainline, but still not in any released version of NetworkManeger-openconnect.

Comment 7 Eric Work 2022-07-25 04:43:50 UTC
My experience has been that you need patches for both openconnect and NetworkManager-openconnect for it to work. All the necessary patches for my company's VPN server, which now requires SAML/SSO, have been merged upstream, but are not yet in the most recent releases.

Comment 8 Jeremy Nickurak 2022-07-25 16:33:01 UTC
Confirmed as not working in F36 with my employer's AnyConnect-based VPN right now, attempting to log in results in a "No SSO handler" error.

Comment 9 Jeremy Nickurak 2022-08-29 04:10:19 UTC
I was able to get my employer's AnyConnect-based VPN working with a couple COPRs enabled recently:


NetworkManager 1.40.1
openconnect 9.01.git.55.92084ea
NetworkManager-openconnect 1.2.9.git.80.2f48f84

With these COPRs:

https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/
https://copr.fedorainfracloud.org/coprs/networkmanager/NetworkManager-1.40-debug/

Comment 10 Romain Failliot 2022-09-26 16:14:23 UTC
(In reply to Jeremy Nickurak from comment #9)
> I was able to get my employer's AnyConnect-based VPN working with a couple
> COPRs enabled recently:
> 
> 
> NetworkManager 1.40.1
> openconnect 9.01.git.55.92084ea
> NetworkManager-openconnect 1.2.9.git.80.2f48f84
> 
> With these COPRs:
> 
> https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/
> https://copr.fedorainfracloud.org/coprs/networkmanager/NetworkManager-1.40-
> debug/

Have you tried with Fedora 37? It seems that the packages are one patch release away from the versions you mentioned:

* NetworkManager: 1.40.0-1.fc37 vs 1.40.1
* NetworkManager-openconnect: 1.2.8-3.fc37 vs 1.2.9.git.80.2f48f84
* openconnect: 9.01-3.fc37 vs 9.01.git.55.92084ea (this one seems good)

Comment 11 Romain Failliot 2022-09-26 17:14:31 UTC
(In reply to Romain Failliot from comment #10)
> Have you tried with Fedora 37? It seems that the packages are one patch
> release away from the versions you mentioned:
> 
> * NetworkManager: 1.40.0-1.fc37 vs 1.40.1
> * NetworkManager-openconnect: 1.2.8-3.fc37 vs 1.2.9.git.80.2f48f84
> * openconnect: 9.01-3.fc37 vs 9.01.git.55.92084ea (this one seems good)

I just tried with Fedora 37 Beta and (after upgrading the OS) I still have the "No SSO handler" error when trying to log in.

@dwmw2 do you think it would be possible to get the latest release for these three packages ready for Fedora 37?

Comment 12 Jeremy Nickurak 2022-09-27 04:58:46 UTC
Confirming here, Fedora 37 still doesn't connect successfully.

I once again re-enabled the https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/ copyr (*but not https://copr.fedorainfracloud.org/coprs/networkmanager/NetworkManager-1.40-debug/ *), and at that point all worked correctly.

Comment 13 Jeremy Nickurak 2022-09-27 05:06:52 UTC
dnf log from the run that fixed things:

2022-09-26T22:54:47-0600 DEBUG --> Starting dependency resolution
2022-09-26T22:54:47-0600 DEBUG ---> Package NetworkManager-openconnect.x86_64 1.2.8-3.fc37 will be upgraded
2022-09-26T22:54:47-0600 DEBUG ---> Package NetworkManager-openconnect.x86_64 1.2.9.git.81.3c15907-0.fc37 will be an upgrade
2022-09-26T22:54:47-0600 DEBUG ---> Package NetworkManager-openconnect-gnome.x86_64 1.2.8-3.fc37 will be upgraded
2022-09-26T22:54:47-0600 DEBUG ---> Package NetworkManager-openconnect-gnome.x86_64 1.2.9.git.81.3c15907-0.fc37 will be an upgrade
2022-09-26T22:54:47-0600 DEBUG ---> Package openconnect.x86_64 9.01-3.fc37 will be upgraded
2022-09-26T22:54:47-0600 DEBUG ---> Package openconnect.x86_64 9.01.git.74.76dc679-0.fc37 will be an upgrade
2022-09-26T22:54:47-0600 DEBUG --> Finished dependency resolution

Haven't looked any closer to see which one of those resolved the "No SSO handler" error which was (IIRC) the same symptom on F36 w/o any coprs added.

Comment 14 Jeremy Nickurak 2022-09-27 05:09:20 UTC
(oops, didn't mean to clear that needsinfo)

Comment 15 Ken Dreyer (Red Hat) 2022-12-22 21:51:07 UTC
I've been using https://github.com/dlenski/gp-saml-gui but I wanted to make this work with NetworkManager.

Here are the versions in Fedora 37 (do not work for me):
  NetworkManager-openconnect       1.2.8-3.fc37 
  NetworkManager-openconnect-gnome 1.2.8-3.fc37
  openconnect                      9.01-3.fc37

I enabled the Copr, upgraded the packages, and restarted NetworkManager:
  dnf copr enable -y dwmw2/openconnect
  dnf distro-sync
  systemctl restart NetworkManager

Now these versions are working for me:
  NetworkManager-openconnect       1.2.9.git.83.7bdfee8-0.fc37
  NetworkManager-openconnect-gnome 1.2.9.git.83.7bdfee8-0.fc37
  openconnect                      9.01.git.113.f873e8f-0.fc37

Comment 16 Raphael Groner 2022-12-28 05:29:59 UTC
Input with OTP gets successfully accepted by real Cisco AnyConnect server but NetworkManager does not recognize and still keeps dialog open with permanent error message about "unrecognized authentication type".
 
"You have successfully authenticated. You may now close this browser tab." but clicking on any of buttons Connect, Login again or even Close does not do anything. VPN stays inactive.

Packages installed & updated from dwm2 copr as stated below.

openconnect-9.01-3.fc37.x86_64
NetworkManager-openconnect-1.2.9.git.83.7bdfee8-0.fc37.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.83.7bdfee8-0.fc37.x86_64
stoken-libs-0.92-7.fc37.x86_64


BTW is it alternatively possible in that popup dialog to use also token e.g. yubikey with QtWebEngine as the obvious browser widget?

Comment 17 Raphael Groner 2022-12-29 10:54:51 UTC
These packages work for AnyConnect setup here.

openconnect-9.01.git.119.1f5a780-0.fc37.x86_64
NetworkManager-openconnect-1.2.9.git.83.7bdfee8-0.fc37.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.83.7bdfee8-0.fc37.x86_64
libtasn1-4.19.0-1.fc37.x86_64
stoken-libs-0.92-7.fc37.x86_64

Comment 18 Raphael Groner 2022-12-29 10:56:56 UTC
Please update packages.

Comment 19 Allen Chen 2023-04-12 02:54:07 UTC
Could I know if this if fixed in FC38?

Comment 20 Raphael Groner 2023-04-12 08:57:35 UTC
(In reply to Allen Chen from comment #19)
> Could I know if this if fixed in FC38?

Propably no. Maybe try openconnect-sso package from external repo of dwm2 copr.

Comment 21 Allen Chen 2023-04-13 01:06:11 UTC
Thanks, Raphael.

Comment 22 Raphael Groner 2023-04-13 17:32:26 UTC
(In reply to Allen Chen from comment #21)
> Thanks, Raphael.

You're welcome. Wondering too why there is no progress so far as more and more services start to request two factor auth via saml/sso.

Comment 23 Allen Chen 2023-04-20 09:40:43 UTC
I tried dwmw2/openconnect on FC38 and got CRASH when edit Network VPN connections always, not sure if anyone makes this working on FC38.
FC38 has 1.2.8 for NetworkManager-openconnect and NetworkManager-openconnect-gnome instead of 1.2.9 in dwmw2/openconnect.

Comment 24 Raphael Groner 2023-04-20 10:20:00 UTC
It still works for me with Fedora 37 and AnyConnect, for relevant packages see comment #17. No idea though what's maybe different within Fedora 38 then, though I'm going to upgrade soonish.

Comment 25 Allen Chen 2023-04-21 00:18:12 UTC
The packages I have on FC38 with Gnome Setting CRASH editing network VPN connections,

openconnect-9.01.git.181.e1a3be3-0.fc38.x86_64
NetworkManager-openconnect-1.2.9.git.111.9dd5870-0.fc38.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.111.9dd5870-0.fc38.x86_64

Comment 26 Raphael Groner 2023-04-21 05:36:06 UTC
There's now update for mentioned packages landed for Fedora 37, too. I can wait.

Comment 27 Ben Cotton 2023-04-25 16:47:02 UTC
This message is a reminder that Fedora Linux 36 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '36'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 36 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 28 David Woodhouse 2023-04-26 09:02:07 UTC
Thanks for your patience. We're working on a new release of NetworkManager-openconnect and openconnect. Any test results with the latest builds in the COPR at https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/package/NetworkManager-openconnect/ would be much appreciated.

We believe we have fixed:
 • "Socket accept cancelled" in KDE Plasma-NM immediately after launching browser
 • GNOME auth GUI locking up after launching Chrome, if a Chrome window already exists. (Or any other browser that spews noise to stdout)

I'd be very interested in the crash that you report, Allen. Please can you help us to reproduce this: how is the network configured and precisely how are you editing it, and how do you make it crash? Can you catch it in gdb or point to a captured crash dump?

Comment 29 David Woodhouse 2023-04-26 09:03:35 UTC
(We'd also like to fix the outstanding configuration issue with PKCS#11 URIs before the release, discussed at https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/merge_requests/43 )

Comment 30 Allen Chen 2023-04-26 13:25:59 UTC
hi, David, 
I have latest FC38 installation with COPR packages,

penconnect-9.01.git.182.017b7b4-0.fc38.x86_64
NetworkManager-openconnect-1.2.9.git.114.233675e-0.fc38.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.114.233675e-0.fc38.x86_64

I can simple re-produce the CRASH as follow,

Open GNOME Settings, go to Network, Add connection, Select the first one Multi-protocol VPN Client(openconnect),

The Setting application CRASHED.

part of the trace log from the CRASH report, 

--- Running report_uReport ---
('report_uReport' completed successfully)

--- Skipping collect_GConf ---
No matching actions found for this event.

--- Skipping collect_vimrc_system ---
No matching actions found for this event.

--- Skipping collect_vimrc_user ---
No matching actions found for this event.

--- Skipping collect_xsession_errors ---
No matching actions found for this event.

--- Running analyze_CCpp ---
Generating backtrace

I am trying to collect more. 

Last week I tried to disable the COPR one and re-install the Fedora native packages, no such crash but I have no openconnect feature there. 

Thanks and let me know if I can help to collect other information to fix this.

Comment 31 Allen Chen 2023-04-26 13:31:55 UTC
I run the gnome-control-center in terminal and reproduce the CRASH, I got this on the terminal,

gnome-control-center 
21:31:00.4754                   **[342088]:CRITICAL: init_editor_plugin: assertion 'widget' failed
21:31:00.4896         GLib-GObject[342088]:CRITICAL: invalid unclassed pointer in cast to 'NMACertChooserButton'
21:31:00.4896         GLib-GObject[342088]:CRITICAL: g_type_instance_get_private: assertion 'instance != NULL && instance->g_class != NULL' failed
Segmentation fault (core dumped)

Comment 32 Raphael Groner 2023-04-28 10:42:41 UTC
According to recent comments moving to Fedora 37 as 36 is quite nearly EOL.

Comment 33 David Woodhouse 2023-04-28 14:33:21 UTC
Please could you report that crash in a separate bug against NetworkManager itself (perhaps libnma but I think it's all the same source package?)

Comment 34 Raphael Groner 2023-05-02 15:16:57 UTC
(In reply to Raphael Groner from comment #26)
> There's now update for mentioned packages landed for Fedora 37, too.

All packages updated today. No crash of NetworkManager (main package updated also) on my system detectable and I can still connect to AnyConnect VPN. 

openconnect-9.01.git.185.7783837-0.fc37.x86_64
NetworkManager-openconnect-1.2.9.git.114.233675e-0.fc37.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.114.233675e-0.fc37.x86_64
NetworkManager-1.40.18-1.fc37.x86_64

So I suspect openconnect as the instable component. Allen, can you retry with new snapshot of openconnect?

Comment 35 David Woodhouse 2023-05-02 15:35:21 UTC
I believe the gnome-control-center crash should now be fixed. Please could you retest?

Comment 36 David Woodhouse 2023-05-02 16:05:26 UTC
(In reply to Raphael Groner from comment #34)
> All packages updated today. No crash of NetworkManager (main package updated
> also) on my system detectable and I can still connect to AnyConnect VPN. 

I believe the crash was only happening when you edit the connection, and only in gnome-control-center (with gtk4) rather than nm-connection-editor (which still uses gtk3).

It should be fixed in NetworkManager-openconnect 1.2.9.git.116.06054ed

Comment 37 Allen Chen 2023-05-03 00:06:04 UTC
Updated to following packages,
openconnect-9.01.git.186.ab5f163-0.fc38.x86_64
NetworkManager-openconnect-1.2.9.git.121.3f7afad-0.fc38.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.121.3f7afad-0.fc38.x86_64

Yes. I can add a new VPN connection with Mult-protocol VPN client(openconnect), but I still can NOT edit the connection after I added it when I test the connection.
The edit connection UI is always pending and does not populate the right content, can only be canceled.

Comment 38 Allen Chen 2023-05-03 00:21:40 UTC
BTW, I want to confirm if the NM Connection file created by the UI editor correct or not, I tried to create an Pulse Secure Connection(Openconnect) and ONLY give the gateway and keep everything else as default, then click "Add", I got such connection file in /etc/NetworkManager/system-connection, 

[connection]
id=VPN 1
uuid=864f95fb-1d53-4e20-ab43-82cbf21ede65
type=vpn
autoconnect=false
permissions=user:allen:;

[vpn]
authtype=password
autoconnect-flags=0
certsigs-flags=0
cookie-flags=2
disable_udp=no
enable_csd_trojan=no
gateway=secure.sample.com
gateway-flags=2
gwcert-flags=2
lasthost-flags=0
pem_passphrase_fsid=no
prevent_invalid_cert=no
protocol=pulse
resolve-flags=2
stoken_source=disabled
xmlconfig-flags=0
service-type=org.freedesktop.NetworkManager.openconnect

[ipv4]
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]


What I can not edit/enable/delete this connection in gnome-control-center --> Network
But I can delete or view it in nm-connection-editor, I am not sure if I can edit it, because when I am editting it in nm-connection-editor, also I can NOT change any field there.
Thanks.

Comment 39 David Woodhouse 2023-05-03 09:14:49 UTC
Thanks. Please could you run gnome-control-center and/or nm-connection-editor from a terminal and show all their output while you attempt this?

Comment 40 Allen Chen 2023-05-03 14:26:19 UTC
gnome-control-center 
22:21:05.4111                   nm[526419]:CRITICAL: ((src/libnm-client-impl/nm-device.c:2450)): assertion '<dropped>' failed
22:21:29.5632                   nm[526419]:CRITICAL: ((src/libnm-client-impl/nm-device.c:2450)): assertion '<dropped>' failed

nm-connection-editor 
** Message: 22:23:01.361: Cannot save connection due to error: Invalid setting VPN: gateway
** Message: 22:23:04.314: Connection validates and can be saved

Do the same action with gnome-control-center and nm-connection-editor on CLI(terminal) and got above output.

1. Add a VPN connection Pulse Connect Secure
2. Try to edit the connection, both tools can NOT edit the added VPN connection

No CRASH, but I do not think the edit connection works fine.

Comment 41 Allen Chen 2023-05-10 12:58:32 UTC
I tried with gnome-control-center Network Add/Edit VPN connection today with
openconnect-9.10.git.6.4023bd9-0.fc38.x86_64
NetworkManager-openconnect-1.2.9.git.128.4725947-0.fc38.x86_64
NetworkManager-openconnect-gnome-1.2.9.git.128.4725947-0.fc38.x86_64

It is fine now. Confirmed it is fixed the CRASH and edit issue.

What I need to know how to enable the SSO authentication instead of password one?

Comment 42 Allen Chen 2023-05-11 13:51:41 UTC
Hi, David, I noticed on Gitlab, the repository of OpenConnect. 
I tried once more with my company's Pulse Secure VPN both openconnect cli and openconnect-gnome with the package mentioned in comment#41.

I got Failed to find or parse web form in login page
for both. 

The VPN is pulse secure one, but I should use protocol=nc and this VPN is using Microsoft SSO/SAML authentication. 
If possible, do you have any thread or issue at at Gitlab side so that we can work together on this feature debug and test, more easy and effiecinet.

Thanks.

Comment 43 David Woodhouse 2023-05-15 10:07:58 UTC
(In reply to Allen Chen from comment #42)
> Hi, David, I noticed on Gitlab, the repository of OpenConnect. 
> I tried once more with my company's Pulse Secure VPN both openconnect cli
> and openconnect-gnome with the package mentioned in comment#41.
> 
> I got Failed to find or parse web form in login page
> for both. 
> 
> The VPN is pulse secure one, but I should use protocol=nc and this VPN is
> using Microsoft SSO/SAML authentication. 
> If possible, do you have any thread or issue at at Gitlab side so that we
> can work together on this feature debug and test, more easy and effiecinet.
> 
> Thanks.

Hi Allen, I think you probably want https://gitlab.com/openconnect/openconnect/-/issues/385

I think we just need someone with access to such a VPN to spend some time capturing the traffic from the offical Pulse client and working out how the SAML support works. There are some external tools like https://github.com/utknoxville/openconnect-pulse-gui which attempt to do the authentication and then just spawn openconnect with the required cookie to establish the connection (and you can feed that same cookie into NetworkManager too). It'd be good to incorporate that support directly into openconnect/NM-openconnect.

Comment 44 Jeremy Nickurak 2023-05-15 20:11:45 UTC
Just a comment: Even if this isn't working totally perfectly for a bunch of people, is it the case that this upgrade isn't a regression for users who don't need the SSO/SAML login functionality? If so, maybe getting this feature work included even if it's not perfect would be better than the zero-support-for-SSO-SAML that users currently have access to?

Comment 45 Allen Chen 2023-05-16 00:36:24 UTC
hi, David, yes. I have the official Pulse Secure RPM installed and used on FC38. It works except the DNS resolve config for the tun0 after VPN connection setup is not supported. I use a script to fix that. 
I might be able to work on the data capture if there is some guide or tools. I will check the gitlab issue first.

Comment 46 Allen Chen 2023-05-16 01:00:13 UTC
I tried openconnect-pulse-gui very quickly and hit the host checker can NOT pass.

Comment 47 Fedora Update System 2023-05-17 19:12:39 UTC
FEDORA-2023-e8e59b49a6 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e8e59b49a6

Comment 48 Fedora Update System 2023-05-17 19:13:17 UTC
FEDORA-2023-d44bee1462 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d44bee1462

Comment 49 Fedora Update System 2023-05-18 02:07:23 UTC
FEDORA-2023-d44bee1462 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-d44bee1462`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-d44bee1462

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 50 Fedora Update System 2023-05-18 04:40:17 UTC
FEDORA-2023-e8e59b49a6 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e8e59b49a6`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e8e59b49a6

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 51 Fedora Update System 2023-05-19 01:16:49 UTC
FEDORA-2023-d44bee1462 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 52 Jeremy Nickurak 2023-05-19 20:34:46 UTC
Confirming that, after removing the 2 coprs I was using for this, doing a distro-sync, and rebooting, I can still successfully connect to my work's Okta-auth-protected cisco-based VPN with NetworkManager-openconnect in Gnome on fedora 38, without needing Cisco's Anyconnect installed.

Thanks dwmw2!

Comment 53 Fedora Update System 2023-05-26 01:31:02 UTC
FEDORA-2023-e8e59b49a6 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.