Available for support for F5 + MFA

Antonio Petrelli antonio.petrelli at gmail.com
Tue Aug 3 09:08:36 PDT 2021

Hello again
>From now on, the edited values are between <angle-brackets>, but the
rest is literal.ù
Ok after login, I land on a page that says "Connect to VPN".
Clicking on it this request is sent:

GET /vdesk/get_token_for_sessid.php3 HTTP/1.0
Host: <corporate-vpn-host-name>
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0)
Gecko/20100101 Firefox/90.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://<corporate-vpn-host-name>/vdesk/webtop.eui?webtop=/Common/Portal_<CORPORATE-VPN-HOST-NAME-IN-UPPERCASE>_Webtop&webtop_type=webtop_full
Cookie: LastMRH_Session=<4-bytes-hex-encoded>; TIN=66000;
MRHSession=<MRHSession-Cookie>; F5_ST=<F5-ST-Cookie>; F5_fullWT=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

And the response (empty) is:
HTTP/1.0 200 OK
Server: BigIP
Content-Length: 0
X-ACCESS-Session-Token: <access-session-token>
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Connection: close

Now a resource is going to be opened by f5vpn. The resource is:


Notice that the ID of the element <div> that contains the button is:

Notice that the value:
for the token parameter in the f5-vpn URL seems to be always the same,
however I cannot see where it comes from.

What should I do now? How do I inject those codes in OpenConnect?


More information about the openconnect-devel mailing list