Send --authgroup as <group-select> in initial POST request

Popp, Thomas Thomas.Popp at akquinet.de
Wed May 31 03:48:03 PDT 2023



Hello.

The Cisco VPN server I try to connect to expects the correct authgroup to be sent as <group-select> in the initial POST request, like:

<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
  ...
  <group-select>correct-auth-group</group-select>
  ...
</config-auth>

Otherwise the server will send a wrong <sso-v2-login> path in the response.

However, openconnect v9.12-0+3.1 seems to ignore the --authgroup parameter for that purpose.

I also failed to manipulate the initial POST request form with the --form-entry parameter, like
--form-entry main:group-select=correct-auth-group
or
--form-entry init:group-select=correct-auth-group

I came to realize that openconnect is designated to send the <group-select> node, as can be seen in the code of auth.c in line 929:
https://gitlab.com/openconnect/openconnect/-/blob/master/auth.c#L929

However, it doesn't and I can't tell why. Any idea how to fix the problem?
 
Kind regards
Thomas Popp