"No SSO handler" error for non-SSO auth group

[Marc Burgess]

Hi there,

I'm trying to connect to my university's network (AnyConnect). I use OpenConnect because I need split tunnelling, and it was working fine, but they seem to have changed something about the server config and now I get the "Please complete the authentication process in the AnyConnect Login window message.". Previously I could just include username and password on command line.

Using the AnyConnect GUI there are two options for the group: azuresso and vpn.uct.ac.za. The former brings up an SSO window, but the latter is just standard username/password auth. I'm using --authgroup=vpn.uct.ac.za so I was hoping it would skip the SSO part in openconnect. I didn't need to use authgroup at all before whatever the change was.

Is there something I'm doing wrong here? It looks like the original request XML includes single-sign-on-v2 in the auth-method - should this be the case if I'm not using the SSO auth group? (<?xml version="1.0" encoding="UTF-8"?><config-auth client="vpn" type="init" aggregate-auth-version="2"><version who="vpn">v8.20-1</version><device-id>linux-64</device-id><capabilities><auth-method>single-sign-on-v2</auth-method></capabilities><group-access>https://vpn.uct.ac.za/</group-access></config-auth>)

I'd appreciate any suggestions on how to get past this. I'm using WSL so trying to get openconnect-sso working is difficult.

Many thanks,
Marc Burgess
Disclaimer - University of Cape Town This email is subject to UCT policies and email disclaimer published on our website at http://www.uct.ac.za/main/email-disclaimer or obtainable from +27 21 650 9111. If this email is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via https://csirt.uct.ac.za/page/report-an-incident.php.