From 6bbbe479043b1a5d5f75a7c6bbc88eada5ccd126 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Sun, 22 Mar 2020 22:46:53 -0700
Subject: [PATCH] fix too-hurried ambiguity warnings, fix b64 encoding for SAML
 REDIRECT too

---
 gp-saml-gui.py              | 10 ++++------
 test-globalprotect-login.py |  4 ++--
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/gp-saml-gui.py b/gp-saml-gui.py
index a49a751..4029a09 100755
--- a/gp-saml-gui.py
+++ b/gp-saml-gui.py
@@ -253,22 +253,20 @@ if __name__ == "__main__":
     if args.verbose:
         # Warn about ambiguities
         if server != args.server and not args.uri:
-            print('''IMPORTANT: During the SAML auth, you were redirected from {} to {}. This probably'''
-                  '''means you should specify {} as the server for final connection, but we're not 100%'''
+            print('''IMPORTANT: During the SAML auth, you were redirected from {} to {1}. This probably '''
+                  '''means you should specify {1} as the server for final connection, but we're not 100% '''
                   '''sure about this. You should probably try both.\n'''.format(args.server, server), file=stderr)
         if ifh != args.interface and not args.uri:
-            print('''IMPORTANT: We started with SAML auth to the {} interface, but received a cookie'''
+            print('''IMPORTANT: We started with SAML auth to the {} interface, but received a cookie '''
                   '''that's associated with the {} interface. You should probably try both.\n'''.format(args.interface, ifh),
                   file=stderr)
-
         print('''\nSAML response converted to OpenConnect command line invocation:\n''', file=stderr)
         print('''    echo {} |\n        openconnect --protocol=gp --user={} --usergroup={}:{} --passwd-on-stdin {}'''.format(
             quote(cv), quote(un), quote(ifh), quote(cn), quote(server)), file=stderr)
 
         print('''\nSAML response converted to test-globalprotect-login.py invocation:\n''', file=stderr)
-        print('''    test-globalprotect-login.py --user={} -p '' \\\n         https://{}{} {}={}\n'''.format(
+        print('''    test-globalprotect-login.py --user={} -p '' \\\n         https://{}/{} {}={}\n'''.format(
             quote(un), quote(server), quote(if2auth[ifh]), quote(cn), quote(cv)), file=stderr)
-
     varvals = {
         'HOST': quote('https://%s/%s:%s' % (server, if2auth[ifh], cn)),
         'USER': quote(un), 'COOKIE': quote(cv),
diff --git a/test-globalprotect-login.py b/test-globalprotect-login.py
index 81ae8b7..4c325b2 100755
--- a/test-globalprotect-login.py
+++ b/test-globalprotect-login.py
@@ -114,10 +114,10 @@ Extracted connection cookie from <jnlp>. Use this to connect:
 elif xml is not None and xml.tag == 'prelogin-response' and None not in (xml.find('saml-auth-method'), xml.find('saml-request')):
     import webbrowser
     sam = xml.find('saml-auth-method').text
-    sr = xml.find('saml-request').text
+    sr = a2b_base64(xml.find('saml-request').text)
     if sam == 'POST':
         with NamedTemporaryFile(delete=False, suffix='.html') as tf:
-            tf.write(a2b_base64(sr))
+            tf.write(sr)
         if args.browse:
             print("Got SAML POST, browsing to %s" % tf.name)
             webbrowser.open('file://' + tf.name)
-- 
2.39.5