Description of problem: got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized - Cisco AnyConnect external authentication (SAML) when connecting to /CSCOSSLC/tunnel Version-Release number of selected component (if applicable): 9.12-7 How reproducible: Add and activate a new VPN connection (Cisco AnyConnect) in NetworkManager Steps to Reproduce: 1. Add a connection name 2. Add the gateway address 3. Add the agent name (AnyConnect) 4. Leave everything else unchanged 5. Complete SAML authentication Actual results: HTTP/1.1 401 Unauthorized Expected results: successful authorization Additional info: This issue has already been fixed in newer OpenConnect versions, which is why an update is needed.
Created attachment 2114777 [details] manually patched git commit 94e0b16c011b7b88708b8a8505fac6bfbe2e3cca pulled source rpm and applied this commit to it https://gitlab.com/openconnect/openconnect/-/commit/94e0b16c011b7b88708b8a8505fac6bfbe2e3cca We need this ( --no-external-auth) to connect against my universities cisco-annyconnect, and --no-external-auth is not exposed via NetworkManager-openconnect-gui
ok description is unclear. The attached file is the openconnect source rpm of F43 with the git commit patch applied. I just realized that this was filed against F42. My srpm if for F43
Hi. I am confirming the existence of the issue and this being fixed upstream. Except in my case (SMS 2FA) back-porting just the above patch did not suffice. I had to bump to the latest master.
Well, this issue still affects openconnect-9.12-9 provided in the Fedora 43 repositories.