[plasmashell] [Bug 512543] New: nm-fortisslvpn-auth-dialog crashes when entering OTP for 2FA authentication

Sun, 23 Nov 2025 20:01:39 -0800 

https://bugs.kde.org/show_bug.cgi?id=512543

            Bug ID: 512543
           Summary: nm-fortisslvpn-auth-dialog crashes when entering OTP
                    for 2FA authentication
    Classification: Plasma
           Product: plasmashell
      Version First 6.5.3
       Reported In:
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: Networking in general
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: 1.0

This problem appeared after updating Fedora 42 to Fedora 43.

When connecting to a FortiGate SSL VPN that requires 2FA/OTP authentication,
the connection process correctly triggers the OTP email, but the
nm-fortisslvpn-auth-dialog crashes immediately when the OTP input dialog
appears.
Steps to Reproduce:

Configure a Fortinet SSLVPN connection in System Settings → Network →
Connections
Set gateway (with custom port, e.g., server.example.com:10443)
Enter username and password, check "Store password for this user only"
Attempt to connect
OTP email is successfully triggered and received
OTP input dialog appears briefly then crashes

Actual Results:

The nm-fortisslvpn-auth-dialog process crashes
systemd-coredump reports: "Process nm-fortisslvpn- terminated abnormally
without generating a coredump"
NetworkManager logs show:

ERROR:  Failed to get PIN:
GDBus.Error:org.freedesktop.NetworkManager.Settings.Connection.Failed: Secret
'username__server.example.com_2fa' is not supported
ERROR:  No token specified
ERROR:  Could not authenticate to gateway
Expected Results:
The OTP dialog should remain open, accept the OTP code, and complete the VPN
connection.
Additional Information:

KDE Plasma Version: 6.5.3
Qt Version: 6.8
NetworkManager Version: 1.50.0
plasma-nm-fortisslvpn: 6.5.3-1.fc43
NetworkManager-fortisslvpn: 1.4.1-10.20231021gite201da5.fc43

Workaround:
Using openfortivpn CLI directly works correctly with OTP:
bashsudo openfortivpn server.example.com:10443 --username=user
The bug appears to be in the plasma-nm plugin's handling of the 2FA secret
format. The error message suggests it's trying to use an unsupported secret
name format for the 2FA token.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to