GP - Failed to parse server response during authentication where response was MFA challenge
When connecting to a customer's GlobalProtect VPN using a command line that has worked in the past, the connection fails with "Failed to obtain WebVPN cookie" with the error: "Failed to parse server response". os: Mint 20.3 Cinnamon and openconnect version: v8.05-1
An example session is:
<my-user>:~$ sudo openconnect --protocol=gp https://redacted.com --user my-user --usergroup=gateway -vvvv
POST https://redacted.com/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server ipaddress:443
Connected to ipaddress:443
SSL negotiation with redacted.com
Connected to HTTPS on redacted.com
Got HTTP response: HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 11:08:20 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 496
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (496)
Login form: "Username: " user(TEXT)=(null), "Password: " passwd(PASSWORD)
Enter login credentials
Password:
POST https://redacted.com/ssl-vpn/login.esp
Got HTTP response: HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 11:08:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 234
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (234)
Failed to parse server response
Response was:<html>
<head></head>
<body>
var respStatus = "Challenge";
var respMsg = "Enter a passcode or select an option to continue: 1 - Push. Enter '0' to abort.";
thisForm.inputStr.value = "631e685100000570";
</body>
</html>
Failed to obtain WebVPN cookie