F5 Failed to complete authentication
hello, i'm testing openconnect version v8.10-711-gfe58848e f5 setup on a customer environment. the setup, together with classic user/password, also requires a client certificate.
after some trial and error, i ended up using this commandline:
openconnect --protocol=f5 remote.vpn.host -u username -c client_cert.p12 --servercert whatever --cafile server.crt -vvvv --dump --useragent 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36' --dump-http-traffic
but i cannot have openconnect to close the connection.
i'm asked for the client certificate password, then openconnect exists with a:
WARNING: no HTML login form found; assuming username and password fields
Failed to complete authentication
unfortunately there is no http dump between the WARNING and the Failed message.
the http dump i receive before the WARNING, complete with last GET and exit message, is:
> GET /my.policy HTTP/1.1
> Host: [redacted]
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
> Cookie: LastMRH_Session=[redacted]; MRHSession=[redacted]; MRHSHint=deleted
>
Got HTTP response: HTTP/1.1 200 OK
Server: BigIP
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Connection: close
Date: Fri, 19 Nov 2021 17:47:36 GMT
Age: 35107
Content-Length: 3409
X-Frame-Options: DENY
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Set-Cookie: LastMRH_Session=[redacted];path=/;secure
Set-Cookie: MRHSession=<elided>;path=/;secure
HTTP body length: (3409)
< <html lang="en">
< <head>
< <meta charset="UTF-8">
< <meta http-equiv="X-UA-Compatible" content="IE=Edge">
< <meta name="viewport" content="width=device-width, initial-scale=1" />
< <meta name="robots" content="noindex,nofollow" />
< <link rel="stylesheet" href="/public/include/css/modern/framework.css?q=[redacted]" />
< <script type="text/javascript" src="/public/include/js/modern/loader.js?q=[redacted]"></script>
< <script type="text/javascript" src="/public/include/js/modern/main.js?q=[redacted]"></script>
< <script type="text/javascript">
< function init(apmui) {
< var appLoader = new apmui.AppLoader();
< appLoader.configure({
< "pageType": "logon",
< "source": "/Common/modern",
< "styles": [],
< "scripts": [],
< "logon": {
< "softToken": {
< "fieldName": "",
< "state": "",
< "newPin": ""
< },
< "form": {
< "id": "auth_form",
< "title": "Secure Logon for F5 Networks",
< "submitCaption": "Logon",
< "savePassword": "Save Password",
< "passwordVerifyDontMatch": "Password and confirmation do not match.",
< "fields": [
< {
< "type": "text",
< "name": "username",
< "caption": "Username",
< "value": "",
< "disabled": false
< },
< {
< "type": "password",
< "name": "password",
< "caption": "Password",
< "value": "",
< "disabled": false
< }
< ]
< },
< "images": {
< "image00": "/public/images/my/tr.gif",
< "image01": "/public/images/my/tr.gif",
< "image02": "/public/images/my/tr.gif",
< "image03": "/public/images/my/tr.gif",
< "image04": "/public/images/my/tr.gif",
< "image05": "/public/images/my/tr.gif",
< "image06": "/public/images/my/tr.gif",
< "image07": "/public/images/my/tr.gif",
< "image08": "/public/images/my/tr.gif",
< "image09": "/public/images/my/tr.gif"
< }
< },
< "general": {
< "header": {
< "logoImage": "/public/images/modern/general/f5-logo-desktop.png",
< "logoSmallImage": "/public/images/modern/general/f5-logo-mobile.png",
< "disconnectCaption": "Logout",
< "mottoMessage": ""
< },
< "footer": {
< "message": "This product is licensed from F5 Networks. \u00a9 1999-2019 F5 Networks. All rights reserved. "
< },
< "config": {
< "pageTitle": "",
< "landingUri": "/",
< "landingUriBase64": "",
< "layoutBreakpointSmall": "586px",
< "layoutBreakpointLarge": "992px",
< "disableExternal": "off"
< },
< "policyTimeout": {
< "message": "Your session is timed out.",
< "newSessionMessage": "New session"
< },
< "controllers": {
< "policyTimeout": true
< }
< }
< });
< appLoader.run();
< }
< function __run() {
< if (typeof require !== 'undefined') {
< require(['apmui'], init);
< } else {
< init(this['apmui']);
< }
< }
< </script>
< </head>
< <body onload="javascript: __run();">
< </body>
< </html>
WARNING: no HTML login form found; assuming username and password fields
Failed to complete authentication