Open germanztz opened 2 years ago
sso
uname -a: Linux **** 5.4.0-92-generic #103-Ubuntu SMP Fri Nov 26 16:13:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Command
openconnect-sso -l debug --server $VPNURL$/$VPNGROUP$ --user $USER$
Response
openconnect-sso -l debug --server $VPNURL$/$VPNGROUP$ --user $USER$
Using selector: EpollSelector
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading libsecret
Loading macOS
[info ] Authenticating to VPN endpoint [openconnect_sso.app] address=$VPNURL$/$VPNGROUP$ name=
Starting new HTTPS connection (1): $VPNURL$:443
https://$VPNURL$:443 "GET /$VPNGROUP$ HTTP/1.1" 302 0
Resetting dropped connection: $VPNURL$
https://$VPNURL$:443 "GET /dana-na/auth/url_sN53kEnkUiIWOZmm/welcome.cgi HTTP/1.1" 302 None
https://$VPNURL$:443 "GET /dana-na/auth/url_sN53kEnkUiIWOZmm/login.cgi?realm=$VPNGROUP$ HTTP/1.1" 302 None
Starting new HTTPS connection (1): $COMPANY$.$2FAPROVIDER$.com:443
https://$COMPANY$.$2FAPROVIDER$.com:443 "GET /app/389858/sso?SAMLRequest=pZLLTsMwEEV%2FJfI%2BcR6tmlpNUKFCVOJRQcWCDZo6Q2spsY3HofD35IFE2XTD%0A2nc851zNgqCprVi2%2FqAf8b1F8sFnU2sSw0PBWqeFAVIkNDRIwkvxtLy7FWkU%0AC%2BuMN9LULFh1c0qDV0YX7OC9JcH5jhqCyLuWPNbYRNI0HKzlWT7PpzknMiy4%0ANk7isL1gMQvWq4K9zrN5jlhJQJSTWEIsJ%2FCWw3Q6m0G1yyZdjKjFtSYP2hcs%0AjdM0jJMwSbZJLOKJyJIXFmx%2B4C6VrpTenzfZjSESN9vtJtw8PG2HDz5Uhe6%2B%0AS%2F9KHY%2FHyBrnoY5GP42eV6Ah1MChE%2BF9cSHqyhqlfST36sIWZKcseEZHQ0Hd%0ARlYu%2BpwYTNxJ5ec5gQhd3zIr%2Fw204CcEI44Vvex6tTG1kl%2FBsq7N8coh%2BK6A%0AhPFyHPl7LuU3%0A&RelayState=https%3A%2F%2F$VPNURL$%2F$VPNGROUP$ HTTP/1.1" 200 None
[debug ] Auth target url [openconnect_sso.authenticator] url=https://$COMPANY$.$2FAPROVIDER$.com/app/389858/sso
[debug ] Sending auth init request [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="init" aggregate-auth-version="2">\n <version who="vpn">4.7.00136</version>\n <device-id>linux-64</device-id>\n <group-select></group-select>\n <group-access>https://$COMPANY$.$2FAPROVIDER$.com/app/389858/sso</group-access>\n <capabilities>\n <auth-method>single-sign-on-v2</auth-method>\n </capabilities>\n</config-auth>\n'
Starting new HTTPS connection (1): $COMPANY$.$2FAPROVIDER$.com:443
https://$COMPANY$.$2FAPROVIDER$.com:443 "POST /app/389858/sso HTTP/1.1" 200 None
[debug ] Auth init response received [openconnect_sso.authenticator] content=b'\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta charset="utf-8" />\n <meta name="viewport" content="width=device-width, initial-scale=1.0" />\n <title>$2FAPROVIDER$ Login</title><link href="/images/b6cb5943dcb44685d5cac99ec47f6536db67fc8e7d2b8fb8292cf9e73252d26e_$2FAPROVIDER$-favicon.png" rel="shortcut icon" type="image/png" /><link href="/css/5de83301260b81418262eef3c23d40fa672b1c552126aa33709961a29d11fe11_login.min.css" rel="stylesheet" type="text/css" /></head>\n\n<body class="bgcover">\n \n <div class="login-wrap">\n <div class="panel card">\n <div class="panel-heading"><div class="brand"><img style="max-width:280px;max-height:150px" src="/org/11896af62a6d28ec00b33beef56bc8538a46af93845ecebc37aa13a0797c27ae.png" /></div></div>\n <div class="panel-body"><form action="/login" method="POST" name="loginForm" id="loginForm" role="form" novalidate>\n <input type="hidden" name="token" value="TuTay7cyQSm8XoBmcvukdjHo-lQ:1641895471341" />\n <input type="hidden" name="target_method" value="POST" />\n <input type="hidden" name="target_url" value="/app/389858/sso" />\n <input type="hidden" name="target_postdata" value="%3C%3Fxml+version=%271.0%27+encoding%3D%27UTF-8%27%3F%3E%0A%3Cconfig-auth+client%3D%22vpn%22+type%3D%22init%22+aggregate-auth-version%3D%222%22%3E%0A++%3Cversion+who%3D%22vpn%22%3E4.7.00136%3C%2Fversion%3E%0A++%3Cdevice-id%3Elinux-64%3C%2Fdevice-id%3E%0A++%3Cgroup-select%3E%3C%2Fgroup-select%3E%0A++%3Cgroup-access%3Ehttps%3A%2F%2F$COMPANY$.$2FAPROVIDER$.com%2Fapp%2F389858%2Fsso%3C%2Fgroup-access%3E%0A++%3Ccapabilities%3E%0A++++%3Cauth-method%3Esingle-sign-on-v2%3C%2Fauth-method%3E%0A++%3C%2Fcapabilities%3E%0A%3C%2Fconfig-auth%3E%0A" />\n <input type="hidden" name="target_opt" value="{"app_id":389858}" /> \n <input type="hidden" name="target_urlhash" value="" />\n\n \n <button type="submit" name="use_password" value="true" tabindex="-1" style="overflow:visible;height:0;width:0;margin:0;border:0;padding:0;display:block;border:none;"></button>\n\n <div id="user-cert" style="display:none">\n \n <p>You are authenticated as:</p>\n <div class="well well-sm">\n <p><i class="fa fa-fw fa-lg fa-user"></i> <strong class="user-firstname-name">...</strong></p>\n <p><i class="fa fa-fw fa-lg fa-envelope"></i> <span class="user-email">...</span></p>\n <p><i class="fa fa-fw fa-lg fa-asterisk"></i> User Certificate</p>\n </div>\n <p>\n <button type="button" class="btn btn-primary btn-lg">Use this identity</button>\n </p>\n </div>\n <div id="user-spnego" style="display:none">\n \n <p>You are authenticated as:</p>\n <div class="well well-sm">\n <p><i class="fa fa-fw fa-lg fa-user"></i> <strong class="user-firstname-name">...</strong></p>\n <p><i class="fa fa-fw fa-lg fa-envelope"></i> <span class="user-email">...</span></p>\n <p><i class="fa fa-fw fa-lg fa-asterisk"></i> Integrated Windows Authentication</p>\n </div>\n <p>\n <button type="button" class="btn btn-primary btn-lg">Use this identity</button>\n </p>\n </div>\n <div id="showAltAccount" style="display:none">\n <br/>\n <a href="#" onclick="$(\'#altAccount\').toggle()">Use another account</a><br/>\n </div>\n\n <div id="altAccount">\n <div class="inputBlock">\n <div class="form-group inputWrapper">\n <input type="email" class="login form-control login-user-en" name="username" id="userName" placeholder="Username or email" autofocus /><label for="userName" class="input-icon-tlm"><i class="fa fa-user-o"></i></label></div>\n <div class="form-group inputWrapper">\n <input type="password" class="login form-control" name="password" id="userPassword" placeholder="Password" /><label for="userPassword" class="input-icon-tlm"><i class="fa fa-unlock-alt"></i></label></div>\n </div>\n <div class="form-group"><div class="passwordOptBlock"><div class="checkbox remember-me" title="Automatically fill your email on this computer">\n <label><input type="checkbox" name="remember_me" checked id="checkbox-form" />Remember me</label>\n </div><div class="forgotBlock1"><a class="forgot-password" href="https://$COMPANY$.$2FAPROVIDER$.com/forgot?s=%2Fapp%2F389858%2Fsso">Forgot your password?</a></div></div><div class="connexionBlock">\n <button type="submit" name="use_password" value="true" class="btn btn-primary login-button">Sign in</button>\n </div>\n </div><div class="forgotBlock2">\n <a class="forgot-password" href="https://$COMPANY$.$2FAPROVIDER$.com/forgot?s=%2Fapp%2F389858%2Fsso">Forgot your password?</a>\n </div></div>\n </form>\n \n <div class="errorBox" id="errorBox">\n \n </div>\n </div>\n </div>\n </div>\n <footer class="footer-tlm">\n <div class="rightFooter-tlm">\n <span class="$2FAPROVIDER$-tlm">secured by </span>\n <img src="/images/92abca958ad9c16d36d43b012023403fca28fdac1c755eeb9feabe0901867e26_wallix_footer.png" alt="$2FAPROVIDER$" class="$2FAPROVIDER$Logo-tlm" />\n </div>\n</footer>\n <script src="/js/2359d383bf2d4ab65ebf7923bdf74ce40e4093f6e58251b395a64034b3c39772_jquery.min.js"></script>\n <!--[if lt IE 10]>\n \n <script src="/js/4c141f368da1152af24808794c501b65be66f1550e1b0b2f6c10578fb945eaf2_placeholders.min.js"></script>\n <![endif]-->\n \n \n <script>\n $("input[name=target_urlhash]").val(window.location.hash);\n </script>\n \n \n </body>\n</html>'
Traceback (most recent call last):
  File "/home/$USER$/.local/bin/openconnect-sso", line 8, in <module>
    sys.exit(main())
  File "/home/$USER$/.local/pipx/venvs/openconnect-sso/lib/python3.8/site-packages/openconnect_sso/cli.py", line 169, in main
    return app.run(args)
  File "/home/$USER$/.local/pipx/venvs/openconnect-sso/lib/python3.8/site-packages/openconnect_sso/app.py", line 34, in run
    auth_response, selected_profile = asyncio.get_event_loop().run_until_complete(
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/home/$USER$/.local/pipx/venvs/openconnect-sso/lib/python3.8/site-packages/openconnect_sso/app.py", line 139, in _run
    auth_response = await authenticate_to(
  File "/home/$USER$/.local/pipx/venvs/openconnect-sso/lib/python3.8/site-packages/openconnect_sso/authenticator.py", line 22, in authenticate
    response = self._start_authentication()
  File "/home/$USER$/.local/pipx/venvs/openconnect-sso/lib/python3.8/site-packages/openconnect_sso/authenticator.py", line 67, in _start_authentication
    return parse_response(response)
  File "/home/$USER$/.local/pipx/venvs/openconnect-sso/lib/python3.8/site-packages/openconnect_sso/authenticator.py", line 137, in parse_response
    xml = objectify.fromstring(resp.content)
  File "src/lxml/objectify.pyx", line 1998, in lxml.objectify.fromstring
  File "src/lxml/etree.pyx", line 3252, in lxml.etree.fromstring
  File "src/lxml/parser.pxi", line 1912, in lxml.etree._parseMemoryDocument
  File "src/lxml/parser.pxi", line 1800, in lxml.etree._parseDoc
  File "src/lxml/parser.pxi", line 1141, in lxml.etree._BaseParser._parseDoc
  File "src/lxml/parser.pxi", line 615, in lxml.etree._ParserContext._handleParseResultDoc
  File "src/lxml/parser.pxi", line 725, in lxml.etree._handleParseResult
  File "src/lxml/parser.pxi", line 654, in lxml.etree._raiseParseError
  File "<string>", line 14
lxml.etree.XMLSyntaxError: Specification mandates value for attribute novalidate, line 14, column 121
That looks like a Pulse (or Juniper NC) server, not AnyConnect.
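
A pre-parse check for the failure in the traceback above, as an added example that is not openconnect-sso's own code: it classifies what answered the auth-init POST before any XML parsing, so a Pulse/Juniper gateway or an IdP login page yields a named mismatch instead of an `XMLSyntaxError`. The function names and labels are hypothetical, the `/dana-na/` marker and the `novalidate` form are taken from the log, and the `config-auth` sample is constructed.

```python
import xml.etree.ElementTree as ET

# Path prefix seen in the 302 redirects of the debug log above.
PULSE_PATH_MARKER = "/dana-na/"


def classify_gateway_response(request_paths, body):
    """Classify what answered the auth-init POST (labels are hypothetical)."""
    if any(PULSE_PATH_MARKER in path for path in request_paths):
        return "pulse-or-juniper"
    head = body.lstrip()[:256].lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html-page"
    if b"<!doctype" in body.lower():
        # Assumption: config-auth documents carry no DTD, so refuse one
        # outright instead of letting the parser expand its entities.
        return "xml-with-doctype"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "not-xml"
    return "anyconnect" if root.tag == "config-auth" else "other-xml"


def parse_auth_response(request_paths, body):
    """Return the <config-auth> root or raise ValueError naming the mismatch."""
    kind = classify_gateway_response(request_paths, body)
    if kind != "anyconnect":
        raise ValueError(f"endpoint did not return AnyConnect config-auth XML: {kind}")
    return ET.fromstring(body)


# Constructed samples modelled on the log above.
LOG_PATHS = ["/$VPNGROUP$", "/dana-na/auth/url_sN53kEnkUiIWOZmm/welcome.cgi"]
IDP_HTML = (b'\n<!DOCTYPE html>\n<html lang="en">\n<body>'
            b'<form action="/login" method="POST" novalidate></form></body></html>')
CONFIG_AUTH = b'<config-auth client="vpn" type="auth-request"><auth id="main"/></config-auth>'

if __name__ == "__main__":
    for paths, body in ((LOG_PATHS, IDP_HTML), ([], IDP_HTML), ([], CONFIG_AUTH)):
        print(classify_gateway_response(paths, body))
```

The redirect check comes first because the `/dana-na/` paths appear before any response body is fetched, which is the earliest point at which the mismatch is visible in the log.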