VPN gateway requests two passwords.

Chaskiel Grundman cg2v at andrew.cmu.edu
Wed Sep 22 18:35:12 EDT 2010

My employer is migrating away from certificate authentication, and for 
some vpn groups, wants to use two factor authentication. Anyconnect 
apparently supports the notion of a "secondary password", and we've 
configured the first password to check our active directory, and the 
second to use a radius server which validates codes from our vasco 
digipass tokens.

The login form in this situation looks like this:

<message>Please enter your username and password.</message>

<form method="post" action="/+webvpn+/index.html">

<input type="text" name="username" label="Username:" />
<input type="password" name="password" label="Password:" />

<input type="password" name="secondary_password" label="Password:" 
second-auth="1" />
<input type="hidden" name="tgroup" value="SII-PRIV" />

<input type="submit" name="Login" value="Login" />
<input type="reset" name="Clear" value="Clear" />


I managed to get something that works, but it's a bit ugly, and I was 
curious if anyone has ideas on how this scenario should be handled in a 
more generic fashion.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: openconnect-two-passwords.diff
Type: text/x-diff
Size: 1739 bytes
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20100922/ad468ce7/attachment.bin>

More information about the openconnect-devel mailing list