
OpenConnect wrapper with Azure AD (SAML) SSO support for Cisco SSL-VPNs

Project description

openconnect-saml

OpenConnect wrapper with Azure AD / SAML SSO support for Cisco AnyConnect VPNs.


Drives the SAML/SSO authentication flow against Cisco AnyConnect gateways and hands the resulting cookie to openconnect. Supports Azure AD, ADFS, and most enterprise IdPs out of the box; works with Yubikey / Nitrokey hardware keys, Duo, Microsoft Authenticator, and TOTP from your password manager.

Maintained fork of vlaci/openconnect-sso, combining work from kowyo/openconnect-lite.

Install

pip install "openconnect-saml[gui]"        # Qt browser
pip install "openconnect-saml[chrome]"     # Chromium / Playwright
pip install  openconnect-saml              # Headless only

Arch: yay -S openconnect-saml. Requires Python ≥ 3.10 and openconnect in $PATH. See docs/installation.md for Docker, build from source, and system-deps per distro.

Quick start

# Interactive setup — server, username, TOTP, browser, auto-reconnect
openconnect-saml setup

# Connect to a saved profile
openconnect-saml connect work

# Or one-shot, no profile
openconnect-saml --server vpn.example.com --user user@example.com

Headless (servers, containers, CI):

openconnect-saml --server vpn.example.com --headless --user user@example.com

Features

  • Three browser backends — Qt6 WebEngine, Chromium via Playwright, or full headless. Hardware-key WebAuthn works in all three. See docs/browsers.md.
  • Five TOTP providers — local keyring, 2FAuth, Bitwarden, 1Password, pass — or --no-totp to skip the prompt. See docs/authentication.md.
  • Multi-profile — save / list / rename / export / import named VPN configs. Includes export to NetworkManager's .nmconnection format for the Ubuntu / GNOME VPN UI. See docs/profiles.md.
  • Auto-reconnect with exponential back-off, optional cap. See docs/operations.md.
  • Kill-switch — iptables-based, session or persistent, with DNS / LAN allow-listing. See docs/networking.md.
  • systemd integration — install a per-server unit; service start / stop / status / logs. See docs/operations.md.
  • Connection history & stats — JSONL audit log, aggregated summaries (history stats), JSON output for monitoring. See docs/operations.md.
  • Diagnostics — doctor checks Python / openconnect / sudo / TUN / dependencies / keyring / DNS / TLS / SAML endpoint. See docs/diagnostics.md.

Documentation

The docs/ directory has a topic-per-file reference. Start with docs/README.md for the index.

Topic Where
Installation, Docker, system deps docs/installation.md
Browser backends + minimal GUI docs/browsers.md
TOTP providers + FIDO2 + credentials docs/authentication.md
Profiles + NetworkManager export docs/profiles.md
Split-tunnel + kill-switch + proxy docs/networking.md
Reconnect, systemd, status, history docs/operations.md
Config file + setup + config subcommand docs/configuration.md
doctor, troubleshooting, exit codes docs/diagnostics.md
Full CLI reference (every flag) docs/cli-reference.md
Contributor setup + release flow docs/development.md
Migrating from openconnect-sso docs/migration.md

Links

Resource URL
PyPI https://pypi.org/project/openconnect-saml/
AUR https://aur.archlinux.org/packages/openconnect-saml
Releases https://github.com/mschabhuettl/openconnect-saml/releases
Issues https://github.com/mschabhuettl/openconnect-saml/issues
Changelog CHANGELOG.md
License GPL-3.0

Credits

Upstream / origin

Recent contributors

  • @derkarnold — --auth-script pluggable authentication (#29, v0.23.0)
  • @salty-flower — root-cause diagnosis of the PyQt 6.11 WebAuthn slot-signature crash (#24, v0.21.0)
  • @kobuki — --no-cert-check / self-signed gateway report driving the v0.22.0 + v0.22.2 cert fixes and the console-only Microsoft Entra path in v0.22.4 (#19)
  • @OmarHawk — --allowed-hosts whitelist proposal (#11, v0.20.0), --useragent (#12, v0.7.0), openconnect passthrough (#13, v0.7.0), MFA discussion that shaped the chrome / qt / headless three-way split (#17)
  • @BBKmsZrd — Yubikey / Nitrokey hardware-token reports + iterative debug-log triage (#21, #24)
  • @cnekmp — sso-v2-login parser regression report driving the namespaced-fields + form fallback (#20, v0.8.1)
  • @mdesantis — minimal GUI proposal
    • NetworkManager .nmconnection export request (#22, v0.8.x)

Everyone else who's filed an issue, tested a release candidate, or pasted a debug log — thank you. See the full contributors graph.



Download files


Source Distribution

openconnect_saml-0.24.3.tar.gz (263.5 kB view details)

Uploaded Source

Built Distribution


openconnect_saml-0.24.3-py3-none-any.whl (143.7 kB view details)

Uploaded Python 3

File details

Details for the file openconnect_saml-0.24.3.tar.gz.

File metadata

  • Download URL: openconnect_saml-0.24.3.tar.gz
  • Upload date:
  • Size: 263.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for openconnect_saml-0.24.3.tar.gz
Algorithm Hash digest
SHA256 99f0011dfadc9f12b84b92f067b98aac0a220b25b351799d65bd09b903794fcb
MD5 bb8c39bd1a324de0aad218bbccfd9beb
BLAKE2b-256 e9cc697ce633ab3405ce22575737f17a6b968639a6dffc5772a6df8092baafdc


Provenance

The following attestation bundles were made for openconnect_saml-0.24.3.tar.gz:

Publisher: publish.yml on mschabhuettl/openconnect-saml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file openconnect_saml-0.24.3-py3-none-any.whl.

File hashes

Hashes for openconnect_saml-0.24.3-py3-none-any.whl
Algorithm Hash digest
SHA256 7597cbdd649f4f64ea4c40ac1abe704ce74e12d7efcee7ae5b6e12ce86bd935f
MD5 64c8580b1d449a734e8e4a4fac80af99
BLAKE2b-256 8ebea83d1f7ad735e6dab0d45d1b800e5da2cb9d2bb8d458acd8681ca2ef02ca
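
A check for the two artifacts listed under "File hashes", as an added example that is not part of the project's code: it compares the files in a download directory against the SHA256 values published on this page and flags any archive that has no published digest. The function names and status labels are hypothetical.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# SHA256 digests copied from the "File hashes" tables on this page (release 0.24.3).
PUBLISHED_SHA256 = {
    "openconnect_saml-0.24.3.tar.gz": "99f0011dfadc9f12b84b92f067b98aac0a220b25b351799d65bd09b903794fcb",
    "openconnect_saml-0.24.3-py3-none-any.whl": "7597cbdd649f4f64ea4c40ac1abe704ce74e12d7efcee7ae5b6e12ce86bd935f",
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large artifacts are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifacts(directory, pins=PUBLISHED_SHA256):
    """Map each filename to "ok", "mismatch", "missing" or "unpinned"."""
    directory = Path(directory)
    report = {}
    for name, expected in pins.items():
        path = directory / name
        if not path.is_file():
            report[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), expected.lower()):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    # Flag archives without a published digest so a renamed file cannot slip past.
    for path in sorted(directory.iterdir()):
        if path.suffix in {".whl", ".gz"} and path.name not in pins:
            report[path.name] = "unpinned"
    return report


def all_verified(report):
    """True only when the report is non-empty and every entry is "ok"."""
    return bool(report) and all(status == "ok" for status in report.values())


if __name__ == "__main__":
    report = verify_artifacts(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report)
    sys.exit(0 if all_verified(report) else 1)
```

Run it against the directory the sdist and wheel were downloaded into, before installing from those files; a non-zero exit status means at least one file is missing, altered, or has no published digest.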


Provenance

The following attestation bundles were made for openconnect_saml-0.24.3-py3-none-any.whl:

Publisher: publish.yml on mschabhuettl/openconnect-saml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
