XML parse error when login with GlobalProtect
I can connect with the official globalprotect client, but not with opencconect.
openconnect --protocol=gp vpn-ext.groupfcc.com --dump-http-traffic -vvv
POST https://vpn-ext.groupfcc.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server 194.224.17.201:443
Connected to 194.224.17.201:443
SSL negotiation with vpn-ext.groupfcc.com
Connected to HTTPS on vpn-ext.groupfcc.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
> POST /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux HTTP/1.1
> Host: vpn-ext.groupfcc.com
> User-Agent: PAN GlobalProtect
>
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 24 Oct 2023 14:33:29 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 1390
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; path=/; secure; httponly
Set-Cookie: PHPSESSID=27df0009a4c8b4c2c6f1f4c474bbfb30; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (1390)
< <?xml version="1.0" encoding="UTF-8" ?>
< <prelogin-response>
< <status>Success</status>
< <ccusername></ccusername>
< <autosubmit>false</autosubmit>
< <msg></msg>
< <newmsg></newmsg>
< <authentication-message>Enter login credentials</authentication-message>
< <username-label>Username</username-label>
< <password-label>Password</password-label>
< <panos-version>1</panos-version>
< <saml-default-browser>yes</saml-default-browser><cas-auth></cas-auth>
< <saml-auth-status>0</saml-auth-status>
< <saml-auth-method>REDIRECT</saml-auth-method>
< <saml-request-timeout>600</saml-request-timeout>
< <saml-request-id>0</saml-request-id><saml-request>aHR0cHM6Ly9hZGZzLmdyb3VwZmNjLmNvbS9hZGZzL2xzLz9TQU1MUmVxdWVzdD1qVkhCYnNJd0RQMlZLdmVTTmcyTVdtMmxEZzVEWWxwRnV4MTJtVUlJVUtsTnVqaEZmUDZnREEwdWFFZmJ6OCUyRnZQU2NvMnFhRHZIZDd2VkxmdlVMbkhkdEdJd3lEbFBSV2d4RllJMmpSS2dRbm9jeGZsOEJHQVhUV09DTk5RN3djVVZsWEd6MHpHdnRXMlZMWlF5M1YlMkIycVprcjF6SFFLbGgwNzc2dWhHTzJ2NmJpdmxTSm9XT0klMkZvbVpBRnRDeG9QaXVKTnolMkJKcUxVNDAlMkYwdGk4MFc3emFIRG0yUUVtOHhUOG5YUkhHJTJCNVd2JTJCeERhVGNDMVp3T054eU1QeGVEcU40M0FhbldDSXZWcG9kRUs3bExDQVJYNFklMkJJeFhJWWNvQWhaJTJGRXElMkY0dGZSYzYwMnRkNCUyRjlyeThnaEplcUt2emlyYXlJOTZFc0RzSlBBSklsNXhSaE9HeHZjbjFNSzY1aGt1eiUyRjBTWDA1bFIycWU3JTJGbXYwQSZSZWxheVN0YXRlPTNWRSUyQkFNJTJGcDNtTXlOMlJtTURBd09XRTBZemhpTkdNeVl6Wm1NV1kwWXpRM05HSmlabUl6TUElM0QlM0Q=</saml-request><auth-api>no</auth-api><region>ES</region>
< </prelogin-response>
SAML REDIRECT authentication is required via https://adfs.groupfcc.com/adfs/ls/?SAMLRequest=jVHBbsIwDP2VKveSNg2MWm2lDg5DYlpFux12mUIIUKlNujhFfP6gDA0uaEfbz8%2FvPSco2qaDvHd7vVLfvULnHdtGIwyDlPRWgxFYI2jRKgQnocxfl8BGAXTWOCNNQ7wcUVlXGz0zGvtW2VLZQy3V%2B2qZkr1zHQKlh0776uhGO2v6bivlSJoWOI%2FomZAFtCxoPiuJNz%2BJqLU40%2F0ti80W7zaHDm2QEm8xT8nXRHG%2B5Wv%2BxDaTcC1ZwONxyMPxeDqN43AanWCIvVpodEK7lLCARX4Y%2BIxXIYcoAhZ%2FEq%2F4tfRc602td4%2F9ry8ghJeqKvzirayI96EsDsJPAJIl5xRhOGxvcn1MK65hkuz%2F0SX05lR2qe7%2Fmv0A&RelayState=3VE%2BAM%2Fp3mMyN2RmMDAwOWE0YzhiNGMyYzZmMWY0YzQ3NGJiZmIzMA%3D%3D
When SAML authentication is complete, specify destination form field by appending :field_name to login URL.
Failed to parse XML server response
Response was: <?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<newmsg></newmsg>
<authentication-message>Enter login credentials</authentication-message>
<username-label>Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version>
<saml-default-browser>yes</saml-default-browser><cas-auth></cas-auth>
<saml-auth-status>0</saml-auth-status>
<saml-auth-method>REDIRECT</saml-auth-method>
<saml-request-timeout>600</saml-request-timeout>
<saml-request-id>0</saml-request-id><saml-request>aHR0cHM6Ly9hZGZzLmdyb3VwZmNjLmNvbS9hZGZzL2xzLz9TQU1MUmVxdWVzdD1qVkhCYnNJd0RQMlZLdmVTTmcyTVdtMmxEZzVEWWxwRnV4MTJtVUlJVUtsTnVqaEZmUDZnREEwdWFFZmJ6OCUyRnZQU2NvMnFhRHZIZDd2VkxmdlVMbkhkdEdJd3lEbFBSV2d4RllJMmpSS2dRbm9jeGZsOEJHQVhUV09DTk5RN3djVVZsWEd6MHpHdnRXMlZMWlF5M1YlMkIycVprcjF6SFFLbGgwNzc2dWhHTzJ2NmJpdmxTSm9XT0klMkZvbVpBRnRDeG9QaXVKTnolMkJKcUxVNDAlMkYwdGk4MFc3emFIRG0yUUVtOHhUOG5YUkhHJTJCNVd2JTJCeERhVGNDMVp3T054eU1QeGVEcU40M0FhbldDSXZWcG9kRUs3bExDQVJYNFklMkJJeFhJWWNvQWhaJTJGRXElMkY0dGZSYzYwMnRkNCUyRjlyeThnaEplcUt2emlyYXlJOTZFc0RzSlBBSklsNXhSaE9HeHZjbjFNSzY1aGt1eiUyRjBTWDA1bFIycWU3JTJGbXYwQSZSZWxheVN0YXRlPTNWRSUyQkFNJTJGcDNtTXlOMlJtTURBd09XRTBZemhpTkdNeVl6Wm1NV1kwWXpRM05HSmlabUl6TUElM0QlM0Q=</saml-request><auth-api>no</auth-api><region>ES</region>
</prelogin-response>
Failed to complete authentication
Edited by David Pérez Carmona