I’m using Viscosity with an OpenVPN backend that does SSO authentication, which generally works.
After authenticating via the IDP, the authentication window will show “you can close this window now”, and close automatically after some seconds.
After one hour, a re-authentication is performed, the auth window will re-appear, showing “you can close this window now” since all auth data is still valid, but it won’t disappear automatically. When closing the window manually, the connection is dropped.
Re-connecting again, the auth window will pop up shortly and vanish automatically, with the connection established as expected.
Hi andy_p,
That sounds unusual: Viscosity should be automatically closing the window when the connection is fully re-established. I recommend first giving the latest beta version a try, as there have been some recent tweaks to the behaviour of the web authentication window:
https://www.sparklabs.com/support/kb/article/using-viscosity-beta-versions/
If you’re still seeing the same problem, would you be able to provide a copy of your connection log (with the log verbosity raised) covering a period of time from your initial connection until after a re-authentication has taken place and the web authentication window has failed to close?
You can find information on how to obtain this at:
https://www.sparklabs.com/support/kb/article/logs-and-information-to-provide-support-staff/#2-connection-log-with-increased-logging
If you’d prefer to email the log to us, rather than posting publicly on the forum, our support email address can be found at the bottom of the Support page: https://www.sparklabs.com/support/
Cheers,
James
Happens with 1.11.1b3 as well. Sending the full log via email.
NB: If I succeed in closing the window before it automatically vanishes, the connection is dropped as well.
Thank you for emailing us a copy of your connection log.
It appears the OpenVPN server you’re connecting to is using web authentication (SSO/SAML) without session tokens enabled, which is an unusual combination. We’ve made some changes to the latest beta version of Viscosity (1.11.1b4 at the time of writing) that should better handle this. Please give it a try and let us know if you still run into the same issue.
https://www.sparklabs.com/support/kb/article/using-viscosity-beta-versions/
Cheers,
James
1.11.1b4 behaves a little different:
The “you can close. me now” window " still doesn’t close automatically, but when closed manually the connection is not dropped but remains functional.
Thanks for testing - it sounds like it’s now working as expected.
The web authentication page can request to close itself, but it sounds like in this instance it is not, which is why it is remaining open. However you can now manually close the window without the VPN connection disconnecting. Viscosity cannot automatically close it as the OpenVPN server is not sending any indication whether the authentication has successfully completed.
To have the window close automatically there are two things you can do: 1) Enable session tokens on the OpenVPN server (i.e. using “auth-gen-token”), or 2) Update the web authentication page to call window.close() once the connection has been authenticated. Both of these require control over the OpenVPN server, so I’m afraid it’s something you’ll need to reach out to your VPN provider about if you’re not an admin of the server.
Cheers,
James
setting auth-gen-token and using 1.11.1b4 or 1.11.1b5 does the trick, working as expected now.
Thanks for your support!
