Viscosity and AWS SSO

Got a problem with Viscosity or need help? Ask here!

mrdlcastle

Posts: 1
Joined: Wed Aug 03, 2022 11:10 pm

Post by mrdlcastle » Wed Aug 03, 2022 11:12 pm
Has anyone configured Viscosity to utilize AWS SSO as an authentication method?
Here's the article for how to do it with the AWS VPN Client

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Aug 05, 2022 12:50 pm
Hi mrdlcastle,

Please see the following article for the problem with Amazon's SSO auth-federate implementation:
https://www.sparklabs.com/support/kb/ar ... s-invalid/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

kcnz

Posts: 3
Joined: Sat Aug 26, 2023 3:40 am

Post by kcnz » Sat Aug 26, 2023 3:46 am
I posted requests to AWS to use the standard SSO flow that opensource has but it doesn't seem to be getting anywhere, it would be awesome if you guys can support it. AWS's vpn client is implemented nearly as well as viscosity.

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Aug 28, 2023 10:56 pm
Hi kcnz,

I'm afraid it's highly unlikely we'll support Amazon's custom changes. I know a lot of users would like to see support, however as discussed in the article above, they cause reliability issues for VPN connections and break compatibility with all other OpenVPN servers. The OpenVPN core developers have also been critical of the changes Amazon have made: https://github.com/OpenVPN/openvpn/pull/295

With offical SAML support in the OpenVPN protocol, there is no real reason for them to keep their flawed implementation. Hopefully they'll update to a better approach soon.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

kcnz

Posts: 3
Joined: Sat Aug 26, 2023 3:40 am

Post by kcnz » Tue Dec 12, 2023 4:08 am
Really we need everyone who would prefer to use viscosity over the aws client to file a support ticket, cause I can't make any headway on this as AWS isn't considering this a priority currently.

kcnz

Posts: 3
Joined: Sat Aug 26, 2023 3:40 am

Post by kcnz » Tue Dec 12, 2023 4:09 am
unless you actually prefer the aws client tool which allows virtually no configuration and coming back to your computer with 70 tabs open on your browsers as it was trying to reconnect.
6 posts Page 1 of 1