David Woodhouse dwmw2 at
Thu Aug 25 08:41:21 PDT 2016

On Wed, 2016-08-17 at 13:14 +0000, Bernard Hakme wrote:
> Unknown form ID 'frm'
> Dumping unknown HTML form:
> <form id="frm_142" name="frm" action="remediate.cgi">
>      <input id="action_31" type="hidden" name="action" value="">
>      <input id="signinId_2" type="hidden" name="signinId" value="url_0">
>      <input id="realmId_10" type="hidden" name="realmId" value="">
>      <input id="executedStep_2" type="hidden" name="executedStep" 
> value="installfail">
>      <input id="stateId_8" type="hidden" name="stateId" value="">
>      <input id="p_16" type="hidden" name="p" value="no-roles">
>      <input id="showContinue_2" type="hidden" name="showContinue" value="0">
>      <input id="showRemedOption_2" type="hidden" name="showRemedOption" 
> value="0">
>      <input id="hostcheckTS_2" type="hidden" name="hostcheckTS" value="">
>      <input id="totalseconds_2" type="hidden" name="totalseconds" value="">
>      <input id="executedAction_2" type="hidden" name="executedAction" 
> value="">
> </form>Failed to obtain WebVPN cookie
> What could be the error in this case? And what is missing?

The problem is that instead of having a general-purpose web browser to
take you through the authentication, we have special-case parsing of
some of the *known* forms, as they appear in the Juniper templates.

And we're slowly adding them one at a time as people encounter them and
report them coherently (thanks for doing so!).

I note your form seems to contain *all* hidden elements, as if it can
be submitted immediately with no user interaction. Or, more likely, as
if it *requires* some JavaScript magic to happen.

It might be useful to compare what happens with a 'real' web browser,
with an HTTP traffic dump, with what OpenConnect is doing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list