XML response has no "auth" node

Daniel Lenski dlenski at gmail.com
Wed Feb 15 15:39:49 PST 2017

On Mon, Feb 13, 2017 at 9:21 AM, Cary Robbins <carymrobbins at gmail.com> wrote:
> So, that seems like it sort of works, but I'm not entirely sure.
> There's an Okta workflow to log into the VPN, so I try it from my
> browser then steal the cookie, using it on the command line. Note that
> I'm using the entire Set-Cookie header, which seems to contain a few
> cookies; although, none of them are DSID.
> ---------------
> % sudo openconnect --cookie "<cookie>" --protocol=nc https://vpn.company.com
> Connected to xx.xx.xx.xx
> SSL negotiation with vpn.company.com
> Connected to HTTPS on vpn.company.com
> ---------------
> It stays there for a while.

For whatever reason, a request with an invalid cookie is taking a long
to respond, but the Juniper VPN definitely won't be letting you
connect without a valid DSID cookie.

If the web login flow hasn't arrived at a page that gives you a cookie
named DSID then you haven't gotten far enough. (There will be a bunch
of other DS* cookies as well, but you don't need those).


More information about the openconnect-devel mailing list