Our Linux users have been using OpenConnect to connect to Pulse with PKCS#11 smart card authentication. As the official Linux client does not support smart cards, this has been our workaround for a while now to allow smart card authentication. Recently it was decided that host checker is needed for machine verification before a realm can be selected. Hence all realms that are in use have had the necessary host checker policies added. Note that host checker is not being used in the roles, just the realms. The addition of host checker broke OpenConnect, and a "temporary" LDAP-based username and password authentication was set up for our Linux users with the official client. Of course, now word has come down that smart card authentication is more important than host checker, though it would be nice to have both. So in an attempt to make both work for most users, I created a new realm just for our Linux users with no host checker policies selected at all. Unfortunately, testing with this new realm in OpenConnect still gives the error "Pulse server requested Host Checker; not yet supported". Anyone know a way around this issue? Possibly by forcing that one realm to not even consider Host Checker?