Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'[error ] Could not finish authentication. Invalid response type in current state' after 2FA complete without issue. #121

Open
diegoxcn opened this issue Jan 4, 2023 · 6 comments
Open

'[error ] Could not finish authentication. Invalid response type in current state' after 2FA complete without issue. #121

diegoxcn opened this issue Jan 4, 2023 · 6 comments

Comments

@diegoxcn
Copy link

diegoxcn commented Jan 4, 2023

Hi Team,

I'm running openconnect-sso on Raspberry Pi 4B+ with Rasp OS 64-bit.

I've encountered weird problem, my openconnect-sso could successfully load login page, and even complete 2FA by authenticator successfully, but then it will  get this error and terminate:

[error    ] Could not finish authentication. Invalid response type in current state

I did test on my ubuntu virtual machine, and got the same error, it could possibly be the server end configure difference, but I'm new to openconnect-sso, may need your expertise to troubleshoot this problem.

Would it possibly be any configure issue from my side? How could I improve the situation?

I would love to provide as much as information for troubleshooting.

Here's the full debug message:

raspi:~ $ openconnect-sso -s "vpn.mycompany.com/VPN" --authgroup ssl -u user@mycompany.com -l debug    1 (24.618s)
Using selector: EpollSelector
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading libsecret
Loading macOS
[info     ] Cannot retrieve saved password from keyring. [openconnect_sso.config]
Password (user@mycompany.com):
[info     ] Cannot save password to keyring. [openconnect_sso.config]
[info     ] Authenticating to VPN endpoint [openconnect_sso.app] address=vpn.mycompany.com/VPN name=ssl
Starting new HTTPS connection (1): vpn.mycompany.com:443
https://vpn.mycompany.com:443 "GET /ANY_VPN HTTP/1.1" 200 98
[debug    ] Auth target url                [openconnect_sso.authenticator] url=https://vpn.mycompany.com/VPN
[debug    ] Sending auth init request      [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="init" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <group-select>ssl</group-select>\n  <group-access>https://vpn.mycompany.com/VPN</group-access>\n  <capabilities>\n    <auth-method>single-sign-on-v2</auth-method>\n  </capabilities>\n</config-auth>\n'
Starting new HTTPS connection (1): vpn.mycompany.com:443
https://vpn.mycompany.com:443 "POST /ANY_VPN HTTP/1.1" 200 None
[debug    ] Auth init response received    [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>ANY_VPN_test</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<config-hash>1670847137524</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please complete the authentication process in the AnyConnect Login window.</message>\n<banner></banner>\n<sso-v2-login>https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=ANY_VPN_test&#x26;acsamlcap=v2</sso-v2-login>\n<sso-v2-login-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-login-final>\n<sso-v2-logout>https://vpn.mycompany.com/+CSCOE+/saml/sp/logout</sso-v2-logout>\n<sso-v2-logout-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-logout-final>\n<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>\n<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>\n<form>\n<input type="sso" name="sso-token"></input>\n</form>\n</auth>\n</config-auth>\n'
[info     ] Response received              [openconnect_sso.authenticator] id=main message=Please complete the authentication process in the AnyConnect Login window. title=Login
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[info     ] Browser started                [webengine] startup_info=StartupInfo(url='https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=ANY_VPN_test&acsamlcap=v2', credentials=Credentials(username='user@mycompany.com'))
[info     ] Loading page                   [webengine] url=https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&acsamlcap=v2
[info     ] Initiating autologin           [webengine] cred=Credentials(username='user@mycompany.com')
[info     ] Cannot retrieve saved password from keyring. [openconnect_sso.config]
[debug    ] Cookie set                     [webengine] name=fpc
[debug    ] Cookie set                     [webengine] name=CCState
[debug    ] Cookie set                     [webengine] name=ESTSAUTHPERSISTENT
[debug    ] Cookie set                     [webengine] name=brcap
[debug    ] Cookie set                     [webengine] name=ch
[debug    ] Cookie set                     [webengine] name=wlidperf
[debug    ] Cookie set                     [webengine] name=buid
[debug    ] Cookie set                     [webengine] name=clrc
[debug    ] Cookie set                     [webengine] name=fpc
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fpc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='CCState', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTHPERSISTENT', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='brcap', value='0')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ch', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='wlidperf', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='buid', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='clrc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fpc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Cookie set                     [webengine] name=webvpnLang
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Cookie set                     [webengine] name=CSRFtoken
[debug    ] Cookie set                     [webengine] name=acsamlcap
[debug    ] Cookie set                     [webengine] name=tg
[debug    ] Cookie set                     [webengine] name=acSamlv2Error
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnLang', value='en')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='CSRFtoken', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acsamlcap', value='v2')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='tg', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Error', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Cookie set                     [webengine] name=ESTSAUTHPERSISTENT
[debug    ] Cookie set                     [webengine] name=ESTSAUTH
[debug    ] Cookie set                     [webengine] name=ESTSAUTHLIGHT
[debug    ] Cookie set                     [webengine] name=ch
[debug    ] Cookie set                     [webengine] name=ESTSSC
[debug    ] Cookie set                     [webengine] name=buid
[debug    ] Cookie set                     [webengine] name=CCState
[debug    ] Cookie set                     [webengine] name=SignInStateCookie
[debug    ] Cookie set                     [webengine] name=fpc
[debug    ] Cookie set                     [webengine] name=esctx
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTHPERSISTENT', value='key_value')
[debug    ] Cookie set                     [webengine] name=x-ms-gateway-slice
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Cookie set                     [webengine] name=stsservicecookie
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTH', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTHLIGHT', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ch', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSSC', value='00')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='buid', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='CCState', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='SignInStateCookie', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fpc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='esctx', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='x-ms-gateway-slice', value='estsfd')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='stsservicecookie', value='estsfd')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Page loaded                    [webengine] url=url_omit
js: A cookie associated with a cross-site resource at https://vpn.mycompany.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='url_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=url_omit
[debug    ] Page loaded                    [webengine] url=https://vpn.mycompany.com/+CSCOE+/saml/sp/acs?tgname=VPN_test
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.mycompany.com/+CSCOE+/saml/sp/acs?tgname=VPN_test')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.mycompany.com/+CSCOE+/saml/sp/acs?tgname=VPN_test
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Cookie set                     [webengine] name=acSamlv2Error
[debug    ] Page loaded                    [webengine] url=https://vpn.mycompany.com/+webvpn+/index.html
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Error', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.mycompany.com/+webvpn+/index.html')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.mycompany.com/+webvpn+/index.html
[debug    ] Cookie set                     [webengine] name=acsamlcap
[debug    ] Cookie set                     [webengine] name=acSamlv2Token
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acsamlcap', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Token', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Page loaded                    [webengine] url=https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html
[info     ] Terminate requested.           [webengine]
[info     ] Exiting browser                [webengine]
[info     ] Browser exited                 [openconnect_sso.browser.browser]
[debug    ] Sending auth finish request    [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="auth-reply" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <session-token/>\n  <session-id/>\n  <opaque is-for="sg">\n    <tunnel-group>ANY_VPN_test</tunnel-group>\n    <auth-method>single-sign-on-v2</auth-method>\n    <config-hash>1670847137524</config-hash>\n  </opaque>\n  <auth>\n    <sso-token></sso-token>\n  </auth>\n</config-auth>\n'
https://vpn.mycompany.com:443 "POST /VPN HTTP/1.1" 200 None
[debug    ] Auth finish response received  [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>ANY_VPN_test</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<config-hash>1670847137524</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please complete the authentication process in the AnyConnect Login window.</message>\n<banner></banner>\n<error id="1">Unknown error.</error>\n<sso-v2-login>https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&#x26;acsamlcap=v2</sso-v2-login>\n<sso-v2-login-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-login-final>\n<sso-v2-logout>https://vpn.mycompany.com/+CSCOE+/saml/sp/logout</sso-v2-logout>\n<sso-v2-logout-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-logout-final>\n<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>\n<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>\n<form>\n<input type="sso" name="sso-token"></input>\n</form>\n</auth>\n</config-auth>\n'
[info     ] Response received              [openconnect_sso.authenticator] id=main message=Please complete the authentication process in the AnyConnect Login window. title=Login
[error    ] Could not finish authentication. Invalid response type in current state [openconnect_sso.authenticator] response=AuthRequestResponse(auth_id='main', auth_title='Login', auth_message='Please complete the authentication process in the AnyConnect Login window.', auth_error='Unknown error.', login_url='https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&acsamlcap=v2', login_final_url='https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html', token_cookie_name='acSamlv2Token', opaque=<Element opaque at 0x7f2cc2e7b9c0>)
Traceback (most recent call last):
  File "/home/xcn/.local/bin/openconnect-sso", line 8, in <module>
    sys.exit(main())
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/cli.py", line 169, in main
    return app.run(args)
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/app.py", line 34, in run
    auth_response, selected_profile = asyncio.get_event_loop().run_until_complete(
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/app.py", line 139, in _run
    auth_response = await authenticate_to(
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/authenticator.py", line 50, in authenticate
    raise AuthenticationError(response)
openconnect_sso.authenticator.AuthenticationError: AuthRequestResponse(auth_id='main', auth_title='Login', auth_message='Please complete the authentication process in the AnyConnect Login window.', auth_error='Unknown error.', login_url='https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&acsamlcap=v2', login_final_url='https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html', token_cookie_name='acSamlv2Token', opaque=<Element opaque at 0x7f2cc2e7b9c0>)

Rasp Pi config:

raspi:~ $ env
SHELL=/bin/bash
NO_AT_BRIDGE=1
PWD=/home/pi
LOGNAME=pi
XDG_SESSION_TYPE=tty
MOTD_SHOWN=pam
HOME=/home/pi
LANG=en_GB.UTF-8
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
SSH_CONNECTION=172.16.10.234 7770 172.16.10.12 22
XDG_SESSION_CLASS=user
TERM=xterm-256color
USER=pi
SHLVL=1
XDG_SESSION_ID=7
XDG_RUNTIME_DIR=/run/user/1000
SSH_CLIENT=172.16.10.234 7770 22
PATH=/home/pi/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
SSH_TTY=/dev/pts/2
TEXTDOMAIN=Linux-PAM
_=/usr/bin/env

raspi:~ $ openconnect-sso --version
openconnect-sso 0.7.3

raspi:~ $ python3 --version
Python 3.9.2

If there's any more information would help, please kindly let me know, I'm more than happy to get it.

Much appreciated.

Cheers.
@petoknm
Copy link

petoknm commented May 10, 2023

Recently, I started hitting this issue too

@dagbdagb
Copy link

This problem occurs for me as well.
ASA was upgraded from 9.12.4 to 9.18.3.

@JeeMo
Copy link

JeeMo commented Jun 26, 2023

I am experiencing this issue on Ubuntu 22.04 as well.

@dagbdagb
Copy link

Aaand same issue with 0.8.0. Microsoft Azure-backed 2FA, if that matters.

@dlm21
Copy link

dlm21 commented Sep 13, 2023
edited
Loading

"me too", on arch linux from aur, also using MS authenticator for 2FA. Might be related to having already authenticated with the authenticator in the past 24 hours, so it bypasses the expected 2FA page and would perhaps be fine if it didn't give up and exit ?

$ openconnect-sso --version
openconnect-sso 0.8.0

Edit: Note that it works fine if not passing the --user arg for auto form-fill
Edit - 2: removed due to red-herring
Edit - 3: It appears there is an CSRF check that is triggering when trying to auto-submit the form. I commented out the following lines from browser/webengine_process.py so that at least the credentials get autofilled from my wallet, I just have to click the submit button for it.

#        elif rule.action == "click":
#            statements.append(
#                f"""var elem = document.querySelector({selector}); if (elem) {{ elem.dispatchEvent(new Event("focus")); elem.click(); }}"""
#           )

removing that handler from get_selectors was enough of a workaround for me.

@dagbdagb
Copy link

removing that handler from get_selectors was enough of a workaround for me.

Can confirm. Works for me as well. Thank you for debugging and documenting your findings, @dlm21 !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dlm21 @petoknm @JeeMo @dagbdagb @diegoxcn