vlaci / openconnect-sso

Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
GNU General Public License v3.0

Expecting "sso-v2-login", receiving "single-sign-on-v2" #60

Closed mikeyjk closed 2 years ago

mikeyjk commented 3 years ago

Hey all,

Thanks very much for this project, it has the potential to save me some pain. I've just noticed my attempt at using it is failing, presumably because the server is responding to me with:

<auth-method>single-sign-on-v2</auth-method>

Rather than the anticipated ssov2-login from https://github.com/vlaci/openconnect-sso/blob/master/openconnect_sso/authenticator.py#L155

I'm trying to play around with re-compiling, naively only updating that string + login_final_url, to then see if/where it blows up after that :)

But, of course, I'm running into issues with nix on my local machine. I'll keep trying, but if anyone has any suggestions I'd really appreciate it.

Thanks for your time

Edit/Update:

Bah, apologies, I clearly have 0 idea what I'm talking about. I made the change I referenced above, received an identical error message, and also noticed that the field I was referring to /is/ being anticipated correctly:

Error message after making my change:

[error    ] Required attributes not found in response ("no such child: single-sign-on-v2", does this endpoint do SSO?), exiting [openconnect_sso.app] 

From authenticator.py:

    root = ConfigAuth(
        {"client": "vpn", "type": "init", "aggregate-auth-version": "2"},
        Version({"who": "vpn"}, "4.7.00136"),
        DeviceId("linux-64"),
        GroupSelect(host.name),
        GroupAccess(url),
        Capabilities(AuthMethod("single-sign-on-v2")),
    )

So the auth-method my server is responding with /is/ anticipated, but nonetheless I'm getting the error:

[error    ] Required attributes not found in response ("no such child: sso-v2-login", does this endpoint do SSO?), exiting [openconnect_sso.app] 

vlaci commented 3 years ago

Could you post the XML response received from the server? It is logged on debug level (-l debug)

mikeyjk commented 2 years ago

I'm sorry, I've moved on from this issue - thank you for your time anyway, apologies for noise

jmcarcell commented 1 year ago

I have exactly this same issue and when running with -l debug what I get is

[debug    ] Auth init response received    [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>RemoteAccess</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<group-alias>RemoteAccess</group-alias>\n<config-hash>1655368651289</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please complete the authentication process in the AnyConnect Login window.</message>\n<banner>omitted</banner>\n<sso-v2-login>https://vpn4.ucl.ac.uk/+CSCOE+/saml/sp/login?tgname=RemoteAccess&#x26;acsamlcap=v2</sso-v2-login>\n<sso-v2-login-final>https://vpn4.ucl.ac.uk/+CSCOE+/saml_ac_login.html</sso-v2-login-final>\n<sso-v2-logout>https://vpn4.ucl.ac.uk/+CSCOE+/saml/sp/logout</sso-v2-logout>\n<sso-v2-logout-final>https://vpn4.ucl.ac.uk/+CSCOE+/saml_ac_login.html</sso-v2-logout-final>\n<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>\n<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>\n<form>\n<input type="sso" name="sso-token"></input>\n<select name="group_list" label="GROUP:">\n<option selected="true">RemoteAccess</option>\n<option>bt-vpn.ucl.ac.uk</option>\n</select>\n</form>\n</auth>\n<host-scan>\n<host-scan-ticket></host-scan-ticket>\n<host-scan-token></host-scan-token>\n<host-scan-base-uri>/CACHE</host-scan-base-uri>\n<host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n</host-scan>\n</config-auth>\n'

The error that makes it crash looks like this:

[error    ] Required attributes not found in response ("no such child: sso-v2-login", does this endpoint do SSO?), exiting [openconnect_sso.app]

@vlaci

vansoest commented 1 year ago

Same issue as @jmcarcell here—any updates?

[debug    ] Auth finish response received  [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>ANYCONNECT_MFA_ISE_TUNNEL_GROUP</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<group-alias>NAMEREPLACED_Remote_Access_VPN</group-alias>\n<config-hash>SOMENUMBERS</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please enter your username and password.</message>\n<banner></banner>\n<error id="13" param1="" param2="">Unable to complete connection: Cisco Secure Desktop not installed on the client</error>\n<form>\n<select name="group_list" label="GROUP:">\n<option selected="true">NAMEREPLACED_Remote_Access_VPN</option>\n</select>\n</form>\n</auth>\n<host-scan>\n<host-scan-ticket>SOMETICKETNUMBER</host-scan-ticket>\n<host-scan-token>SOMETOKEN</host-scan-token>\n<host-scan-base-uri>/CACHE</host-scan-base-uri>\n<host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n</host-scan>\n</config-auth>\n'
[error    ] Required attributes not found in response ("no such child: sso-v2-login", does this endpoint do SSO?), exiting [openconnect_sso.app] 

benmarr2 commented 7 months ago

> Could you post the XML response received from the server? It is logged on debug level (-l debug)

I am running into the same issue. The <auth-method> tag contains "single-sign-on-v2".

b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>Default</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<group-alias>Default</group-alias>\n<config-hash>1666692613599</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please enter your username and password.</message>\n<banner></banner>\n<form>\n<input type="text" name="username" label="Username:"></input>\n<input type="password" name="password" label="Password:"></input>\n<select name="group_list" label="GROUP:">\n<option selected="true">Default</option>\n<option>COMPANYNAME</option>\n</select>\n</form>\n</auth>\n</config-auth>\n'

adminy commented 1 week ago

It's fair to say that the Cisco server is doing some integrity checks:

<error id="13" param1="" param2="">
   Unable to complete connection: Cisco Secure Desktop not installed on the client
</error>

I wonder what magic is required to be sent in the post request for them to say that Cisco Secure Desktop is installed.
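As an added diagnostic (not code from openconnect-sso or from anyone in this thread), the snippet below parses the three kinds of `auth-request` reply posted above (jmcarcell's, which carries `sso-v2-login`; vansoest's, which carries the Cisco Secure Desktop `error`; benmarr2's, which carries a username/password form) and reports which one the gateway actually sent, which is why `<auth-method>single-sign-on-v2</auth-method>` alone is not enough for the tool to proceed. The sample XML is constructed and cut down from those logs, with placeholder hostnames.

```python
# Added diagnostic (not openconnect-sso's own code): classify a Cisco
# aggregate-auth "auth-request" reply like the ones in the debug logs above,
# to show why the tool reports "no such child: sso-v2-login".
import xml.etree.ElementTree as ET
# Constructed samples, cut down from the three responses posted in the thread.
SSO_READY = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
<opaque is-for="sg"><auth-method>single-sign-on-v2</auth-method></opaque>
<auth id="main"><title>Login</title>
<sso-v2-login>https://vpn.example/+CSCOE+/saml/sp/login?tgname=RA&#x26;acsamlcap=v2</sso-v2-login>
<sso-v2-login-final>https://vpn.example/+CSCOE+/saml_ac_login.html</sso-v2-login-final>
<form><input type="sso" name="sso-token"></input></form></auth></config-auth>"""
CSD_BLOCKED = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
<opaque is-for="sg"><auth-method>single-sign-on-v2</auth-method></opaque>
<auth id="main"><title>Login</title>
<error id="13" param1="" param2="">Unable to complete connection: Cisco Secure Desktop not installed on the client</error>
<form><select name="group_list"><option selected="true">RA</option></select></form>
</auth></config-auth>"""
PASSWORD_FORM = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
<opaque is-for="sg"><auth-method>single-sign-on-v2</auth-method></opaque>
<auth id="main"><title>Login</title><form>
<input type="text" name="username"></input>
<input type="password" name="password"></input></form></auth></config-auth>"""

def classify_auth_response(raw: bytes) -> dict:
    root = ET.fromstring(raw)
    auth = root.find("auth")
    if root.tag != "config-auth" or auth is None:
        return {"state": "not-an-auth-request"}
    err = auth.find("error")
    info = {
        # <auth-method> only says what the tunnel-group is configured for;
        # it does not guarantee the SSO URLs are present in this reply.
        "auth_method": root.findtext("opaque/auth-method"),
        "sso_login": auth.findtext("sso-v2-login"),
        "error_id": err.get("id") if err is not None else None,
        "error": (err.text or "").strip() if err is not None else None,
    }
    inputs = {i.get("type") for i in auth.iter("input")}
    if info["sso_login"]:
        info["state"] = "sso"            # only case openconnect-sso can continue
    elif err is not None:
        info["state"] = "error"          # e.g. id=13: gateway demands CSD/host-scan
    elif "password" in inputs:
        info["state"] = "password-form"  # gateway fell back to username/password
    else:
        info["state"] = "unknown"
    return info
```

Run it against the full `content=b'...'` bytes from your own `-l debug` output to see which branch your gateway lands in before changing any strings in authenticator.py.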