ODA on Cisco AnyConnect and Next PASSCODE
Hi,
My company uses ODA with Cisco AnyConnect:
- connection: login + pin
- ==> company sends a mail with token
- I have to enter the token at the request Next PASSCODE
With openconnect, it is skipped, I can't enter Next PASSCODE, connection returns to login/pass.
"Next PASSCODE" is skipped, it seems not detected.
Any tips for this? Thanks.
POST https://vpn.xxxxxxxxx/
Connected to xxxxxxxxx:443
Négociation SSL avec xxxxxxxxx
Connected to HTTPS on xxxxxxxxx with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server
GET https://xxxxxxxxx/
Connected to xxxxxxxxx:443
Négociation SSL avec xxxxxxxxx
Connected to HTTPS on xxxxxxxxx with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://xxxxxxxxx/+webvpn+/index.html
Négociation SSL avec xxxxxxxxx
Connected to HTTPS on xxxxxxxxx with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Please enter your username and password.
GROUP: [xxxxxxxxx|prestataire|xxxxxxxxx]:xxxxxxx <=== entered by me xxxxxxx
Please enter your username and password.
Username:xxxxxxxxx <=== entered by me xxxxxxx
Password:xxxxxxxxx <=== entered by me xxxxxxx
POST https://xxxxxxxxx/+webvpn+/index.html <=== here mail received with passcode
Enter Next PASSCODE: <=== cannot enter pass because skipped by openconnect :-(
POST https://xxxxxxxxx/+webvpn+/login/challenge.html
Please enter your username and password.
Username:^Cfgets (stdin): Appel système interrompu <=== here I quit because it loops again on bad pass
In the verbose log:
...
POST https://xxxxxxxxx/+webvpn+/index.html
> POST /+webvpn+/index.html HTTP/1.1
> Host: xxxxxxxxxxxxx
> User-Agent: Open AnyConnect VPN Agent v9.12-1
> Cookie: webvpnlogin=1
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-AnyConnect-STRAP-Pubkey: xxxxxxxxx
> X-AnyConnect-STRAP-DH-Pubkey: xxxxxxxxx
> X-Pad: 000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 49
>
> group_list=xxxxxxxxx&username=xxxxxxxxx&password=xxxxxxxxx
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: tg=1dGdfZHNp; expires=Fri, 08 Dec 2023 23:14:21 GMT; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <!--
< Copyright (c) 2007-2008, 2012 by Cisco Systems, Inc.
< All rights reserved.
< -->
< <auth id="next_tokencode">
< <title>SSL VPN Service</title>
<
< <message>Enter Next PASSCODE: </message>
<
< <form method="post" action="/+webvpn+/login/challenge.html">
<
<
< <input type="submit" name="Continue" value="Continue" />
< <input type="submit" name="Cancel" value="Cancel" />
<
< <input type="hidden" name="auth_handle" value="1569" />
< <input type="hidden" name="status" value="2" />
< <input type="hidden" name="username" value="xxxxxxxxx" />
< <input type="hidden" name="serverType" value="0" />
< <input type="hidden" name="challenge_code" value="10" />
< </form>
< </auth>
<
<
Enter Next PASSCODE: <== I can't enter passcode, openconnect redoes a POST
POST https://xxxxxxxxxxxxxx/+webvpn+/login/challenge.html
> POST /+webvpn+/login/challenge.html HTTP/1.1
> Host: xxxxxxxxxx
..............
OS: Linux Ubuntu
Thanks for helping.
Edited by Vitry David Gilbert
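Added example, not part of the original post and not OpenConnect code: a small Python check that lists the inputs of the `next_tokencode` auth form captured in the verbose log, so it is visible which fields the server actually sent. It assumes received lines carry the `< ` prefix shown in the log, and treating `text` and `password` as the user-fillable input types is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the response body from the verbose log in the post,
# abridged (copyright comment and empty lines dropped), placeholders kept.
VERBOSE_BODY = """\
< <?xml version="1.0" encoding="UTF-8"?>
< <auth id="next_tokencode">
< <title>SSL VPN Service</title>
<
< <message>Enter Next PASSCODE: </message>
< <form method="post" action="/+webvpn+/login/challenge.html">
< <input type="submit" name="Continue" value="Continue" />
< <input type="submit" name="Cancel" value="Cancel" />
< <input type="hidden" name="auth_handle" value="1569" />
< <input type="hidden" name="status" value="2" />
< <input type="hidden" name="username" value="xxxxxxxxx" />
< <input type="hidden" name="serverType" value="0" />
< <input type="hidden" name="challenge_code" value="10" />
< </form>
< </auth>
"""

# Assumption of this example: input types a user has to type a value into.
FILLABLE = {"text", "password"}

def strip_log_prefix(body):
    """Drop the leading '<' marker (and one space) from each logged line."""
    return re.sub(r"(?m)^< ?", "", body).strip()

def summarize_auth_form(body):
    """Return the auth id, prompt, action and input names grouped by type."""
    root = ET.fromstring(strip_log_prefix(body).encode("utf-8"))
    form = root.find("form")
    inputs = [(i.get("type"), i.get("name")) for i in form.iter("input")]
    return {
        "auth_id": root.get("id"),
        "message": (root.findtext("message") or "").strip(),
        "action": form.get("action"),
        "fillable": [n for t, n in inputs if t in FILLABLE],
        "hidden": [n for t, n in inputs if t == "hidden"],
        "submit": [n for t, n in inputs if t == "submit"],
    }

if __name__ == "__main__":
    for key, value in summarize_auth_form(VERBOSE_BODY).items():
        print(f"{key}: {value}")
```

On the logged body, `fillable` comes back empty: the form carries a prompt message plus hidden and submit inputs only.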