vlaci / openconnect-sso

Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
GNU General Public License v3.0
280 stars 119 forks

Sign in fails due to "missing secure desktop" #59

Closed pdvrieze closed 3 years ago

pdvrieze commented 3 years ago

The script fails for me on:

Sending auth finish request    [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n
<config-auth client="vpn" type="auth-reply" aggregate-auth-version="2">\n
  <version who="vpn">4.7.00136</version>\n
  <device-id>linux-64</device-id>\n
  <session-token/>\n  <session-id/>\n
  <opaque is-for="sg">\n
    <tunnel-group>buvpn</tunnel-group>\n
    <auth-method>single-sign-on-v2</auth-method>\n
    <group-alias>buvpn</group-alias>\n
    <config-hash>1623301714042</config-hash>\n
  </opaque>\n
  <auth>\n
    <sso-token>30AC25A72EA1CE66667BB6C</sso-token>\n
  </auth>\n
</config-auth>\n'

Auth finish response received  [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n
<opaque is-for="sg">\n
<tunnel-group>XXXXX</tunnel-group>\n
<auth-method>single-sign-on-v2</auth-method>\n
<group-alias>XXXXX</group-alias>\n
<config-hash>1623301714042</config-hash>\n
</opaque>\n
<auth id="main">\n
<title>Login</title>\n
<message>Please enter your username and password.</message>\n
<banner></banner>\n
<error id="13" param1="" param2="">**Unable to complete connection: Cisco Secure Desktop not installed on the client**</error>\n
<form>\n
<select name="group_list" label="GROUP:">\n
<option selected="true">buvpn</option>\n
</select>\n
</form>\n
</auth>\n
<host-scan>\n
<host-scan-ticket>XXXXXXXXXXXXX</host-scan-ticket>\n
<host-scan-token>XXXXXXXXXXXXXX</host-scan-token>\n
<host-scan-base-uri>/CACHE</host-scan-base-uri>\n
<host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n
</host-scan>\n
</config-auth>\n'

Looking at what openconnect does, it passes along the host-scan-token tag in the post (just after the auth tag closure).

vlaci commented 3 years ago

Unfortunately the CSD functionality is yet to be implemented: https://github.com/vlaci/openconnect-sso/issues/35