NetworkManager SAML VPN Web Authentication

So for VPNs there is pretty good support for most every vendor these days, except for one thing: SAML-based VPNs, which everyone does. It's getting more and more common to deploy enterprise VPN systems that use SAML for secure logins and MFA, but the problem for Linux is that the web interaction that has to occur with the IdP SAML provider (Okta, Ping, even Microsoft or Red Hat) isn't there for either the GTK- or Qt-based NetworkManager UIs.

It's about the same problem as the captive portal login someone else mentioned, where something like webkit2gtk is used to render the web page and issue the token to the application or agent. SAML auth is super common these days, but it always requires a native vendor VPN client, as no one has a standard way of handling SAML across any desktop OS, though the plugins for each VPN generally do. Linux is about the closest to having ubiquitous VPN capabilities across vendors, just NOT for SAML.

Talking to the NetworkManager list folks, it sounds like SAML is fully supported in their code and plugins where available; only the desktop UI implementations of the web login session are missing in the DE UIs. It sounded like for KDE that would be in NetworkManager-QT, but then it has to play well with all the VPN plugins as well, some of which do or don't support SAML today.

Where is the best place to inquire if/why/when this sort of integration can be accomplished for SAML VPN for every open and commercial VPN offering, including OpenVPN, Cisco, Palo Alto, Fortigate, and a long list of others? Vendor Linux VPN clients always suck due to being poorly supported at best, and it seems all that is needed is for the NetworkManager UI and DE integrations to include SAML as a modern VPN authentication method for anyone/everyone.

Thanks in advance!

Hi - I’m no networking expert at all, but selfishly for my own understanding… is what you’re talking about here basically like taking the merged code here - Add support for SAML based authentication when using OpenConnect VPN (6ef64be8) · Commits · Plasma / Plasma applet for NetworkManager · GitLab - and repeating that process that produced that code for each of the different VPN platforms you mentioned?

Ah yes, correct, probably much the same, and every vendor does SAML these days; it's usually an on or off option on the endpoint.

Each vendor plugin for NM probably has (or should have) support for SAML. I know the openconnect plugin was said to work for the CLI (manual token provision from the web), which covers Cisco, PAN, Fortinet, and other major vendors; OpenVPN and others have their own. I hadn't seen that OpenVPN had requested it too, but good for them; it can probably open up the avenue for everyone else too, as long as the plugins know it's available now.

The mega security vendors should give the team a kiss and a donation for making their Linux-using customers hate them less if it did work, me included, as I commonly work with customers who use them.

Thanks for pointing that out. I hadn't found anything when searching threads here for any requests; I figured not, since it doesn't exist as a feature yet.
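The "manual token provision from the web" hand-off mentioned above, shown for a GlobalProtect (PAN) SAML login as an added example; it is not code from this thread, from openconnect, or from NetworkManager. It assumes that the page the browser ends on after the IdP round-trip carries `saml-auth-status`, `prelogin-cookie` and `saml-username` elements (the tags that gp-saml-gui-style helpers look for), and that openconnect accepts the prelogin cookie as the password via `--usergroup=gateway:prelogin-cookie` with `--passwd-on-stdin`. The page content is constructed, and the script only builds and prints the command rather than connecting.

```shell
#!/bin/sh
# Added example, not from the thread or from openconnect/NetworkManager: turn the
# page a browser lands on after a GlobalProtect SAML login into an openconnect
# invocation. The page below is constructed; the tag names are an assumption based
# on what gp-saml-gui-style helpers parse.
SAML_PAGE='<html><body><!-- <saml-auth-status>1</saml-auth-status>
<prelogin-cookie>Q29uc3RydWN0ZWRTYW1wbGVDb29raWU=</prelogin-cookie>
<saml-username>alice@example.com</saml-username> --></body></html>'

# Pull one element's text out of the page (empty string if the tag is absent).
saml_field() {
  printf '%s' "$2" | tr -d '\n' | sed -n "s/.*<$1>\([^<]*\)<\/$1>.*/\1/p"
}

# The cookie is an opaque token; refuse anything outside the base64/URL-safe set so a
# crafted completion page cannot smuggle shell metacharacters into the command line.
valid_token() {
  case "$1" in ''|*[!A-Za-z0-9+/=_.@-]*) return 1 ;; *) return 0 ;; esac
}

# Print the openconnect command for the hand-off. Returns 1 if the page does not
# show a successful SAML login or the extracted fields contain unexpected characters.
# openconnect takes the prelogin cookie as the password (--passwd-on-stdin) when
# --usergroup=gateway:prelogin-cookie is given (assumed usage, see lead-in).
gp_command() {
  page=$1; server=$2
  [ "$(saml_field saml-auth-status "$page")" = "1" ] || { echo "SAML login not successful" >&2; return 1; }
  cookie=$(saml_field prelogin-cookie "$page")
  user=$(saml_field saml-username "$page")
  valid_token "$cookie" && valid_token "$user" || { echo "unexpected token characters" >&2; return 1; }
  printf "printf '%%s' '%s' | openconnect --protocol=gp --user='%s' --usergroup=gateway:prelogin-cookie --passwd-on-stdin '%s'\n" "$cookie" "$user" "$server"
}

# Dry run against the constructed page: prints the command a desktop integration
# would otherwise have to run on the user's behalf after the embedded web login.
gp_command "$SAML_PAGE" vpn.example.com
```

The point of the validation step is the same one a NetworkManager UI integration would face: the token comes out of a web view the VPN gateway controls, so it should be treated as untrusted input before it is handed to a privileged helper.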
