SSO Improvements

Suggestions/comments/criticisms are welcome here



Post by lkinley » Thu Jan 06, 2022 5:43 am
I am implementing SAML/SSO for our VPNs and have the following suggestions.

1. Use the CA provided for the VPN connection as a valid CA for the SSO login page. We generate our own certificate authorities for everything internal and would like to see the cert warnings absent in the login popup.

2. Update the Viscosity client to 2.5.5+ to support WEB_AUTH in lieu of OPEN_URL.




Post by James » Tue Jan 11, 2022 1:47 pm
Hi Lance,

Thanks for your feedback!

Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this; however, it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>

James Bekkema
Viscosity Developer
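
Added example, not part of the original posts and not Viscosity's own code: a shell check that the CA carried in an inline <web-ca> block actually validates a given login-page certificate, so a wrong or incomplete internal CA is caught before the configuration is rolled out. It assumes OpenSSL is installed and that the <web-ca> and </web-ca> tags sit on their own lines; the function names, file names and certificate subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a server certificate against the CA held in an inline
# <web-ca> block. All names, files and subjects below are constructed.

# Print the PEM data between <web-ca> and </web-ca> in an OpenVPN-style config.
extract_web_ca() {
    sed -n '/^<web-ca>$/,/^<\/web-ca>$/p' "$1" | sed '1d;$d'
}

# Return 0 only if certificate $2 chains to the CA(s) in the web-ca block of $1.
# Returns 2 when the config has no web-ca block, 1 when verification fails.
verify_against_web_ca() {
    ca_tmp=$(mktemp) || return 2
    extract_web_ca "$1" > "$ca_tmp"
    if [ ! -s "$ca_tmp" ]; then
        echo "no <web-ca> block in $1" >&2; rm -f "$ca_tmp"; return 2
    fi
    out=$(openssl verify -CAfile "$ca_tmp" "$2" 2>&1) || true
    rm -f "$ca_tmp"
    case "$out" in
        *": OK") return 0 ;;
        *) echo "$out" >&2; return 1 ;;
    esac
}

# Build constructed test material in directory $1: two throwaway CAs, a leaf
# signed by the first, sample.conf (right CA inline) and wrong.conf (other CA).
make_sample() {
    d=$1
    for n in internal other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed $n CA" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sso.example.internal" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/internal.pem" -CAkey "$d/internal.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    { echo "remote vpn.example.internal 1194"; echo "<web-ca>"; cat "$d/internal.pem"; echo "</web-ca>"; } > "$d/sample.conf"
    { echo "<web-ca>"; cat "$d/other.pem"; echo "</web-ca>"; } > "$d/wrong.conf"
}
```

Run `make_sample` on a scratch directory to try it, then call `verify_against_web_ca <config> <server-cert.pem>` with a real configuration and the login page's certificate saved as PEM.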
