Closed pdvrieze closed 3 years ago
The script fails for me on:
Sending auth finish request [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n <config-auth client="vpn" type="auth-reply" aggregate-auth-version="2">\n <version who="vpn">4.7.00136</version>\n <device-id>linux-64</device-id>\n <session-token/>\n <session-id/>\n <opaque is-for="sg">\n <tunnel-group>buvpn</tunnel-group>\n <auth-method>single-sign-on-v2</auth-method>\n <group-alias>buvpn</group-alias>\n <config-hash>1623301714042</config-hash>\n </opaque>\n <auth>\n <sso-token>30AC25A72EA1CE66667BB6C</sso-token>\n </auth>\n </config-auth>\n'
Auth finish response received [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n <config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n <opaque is-for="sg">\n <tunnel-group>XXXXX</tunnel-group>\n <auth-method>single-sign-on-v2</auth-method>\n <group-alias>XXXXX</group-alias>\n <config-hash>1623301714042</config-hash>\n </opaque>\n <auth id="main">\n <title>Login</title>\n <message>Please enter your username and password.</message>\n <banner></banner>\n <error id="13" param1="" param2="">**Unable to complete connection: Cisco Secure Desktop not installed on the client**</error>\n <form>\n <select name="group_list" label="GROUP:">\n <option selected="true">buvpn</option>\n </select>\n </form>\n </auth>\n <host-scan>\n <host-scan-ticket>XXXXXXXXXXXXX</host-scan-ticket>\n <host-scan-token>XXXXXXXXXXXXXX</host-scan-token>\n <host-scan-base-uri>/CACHE</host-scan-base-uri>\n <host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n </host-scan>\n </config-auth>\n'
Looking at what openconnect does, it passes along the host-scan-token tag in the post (just after the auth tag closure).
Unfortunately the CSD functionality is yet to be implemented: https://github.com/vlaci/openconnect-sso/issues/35
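A way to recognise this failure from the auth finish response and to mask token-bearing elements before pasting a log into a report. This is an added example, not code from openconnect-sso; the function names `classify_auth_response` and `redact` are hypothetical, and the sample response is constructed from the structure shown in the log above with placeholder values.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the response in the log above (placeholder values).
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
  <opaque is-for="sg"><tunnel-group>EXAMPLE</tunnel-group></opaque>
  <auth id="main">
    <error id="13" param1="" param2="">Unable to complete connection: Cisco Secure Desktop not installed on the client</error>
  </auth>
  <host-scan>
    <host-scan-ticket>PLACEHOLDER-TICKET</host-scan-ticket>
    <host-scan-token>PLACEHOLDER-TOKEN</host-scan-token>
    <host-scan-base-uri>/CACHE</host-scan-base-uri>
    <host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>
  </host-scan>
</config-auth>
"""

# Elements seen in the log above whose text should not appear in a public report.
SECRET_TAGS = {"host-scan-ticket", "host-scan-token", "sso-token", "session-token"}


def classify_auth_response(content: bytes) -> dict:
    """Summarise a config-auth reply without echoing secret values."""
    root = ET.fromstring(content)
    if root.tag != "config-auth":
        raise ValueError(f"unexpected root element: {root.tag}")
    error = root.find("./auth/error")
    host_scan = root.find("./host-scan")
    return {
        "type": root.get("type"),  # "auth-request" means the gateway wants more
        "error_id": error.get("id") if error is not None else None,
        "error_text": (error.text or "").strip() if error is not None else None,
        "host_scan_required": host_scan is not None,
        "host_scan_fields": [c.tag for c in host_scan] if host_scan is not None else [],
    }


def redact(content: bytes) -> str:
    """Return the XML with token-bearing elements masked."""
    root = ET.fromstring(content)
    for elem in root.iter():
        if elem.tag in SECRET_TAGS and elem.text:
            elem.text = "REDACTED"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(classify_auth_response(SAMPLE_RESPONSE))
```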