openconnect stoken support not working properly with our form

Kevin Cernekee cernekee at
Mon Nov 13 10:22:33 PST 2017

On Mon, Nov 13, 2017 at 10:12 AM, Andy Wang <dopey at> wrote:
> That still didn't solve my problem and I used --dump-http-traffic and see that
> the stoken code being sent is completely different than what
> the stoken command actually generates.  I had no idea why that would
> have been the case.

The PIN and timestamp are the two main factors (assuming you don't
have a bunch of different token seeds / rc files lying around).

The PIN will only affect 4 digits of the tokencode:

$ stoken --force --pin 0000 ; stoken --force --pin 9999

If it helps, you can modify the openconnect code to print out the time
being passed to the library, and simulate it from the command line
like this:

$ stoken --force --pin 0000 --use-time=`date +%s`

More information about the openconnect-devel mailing list