"no such child: sso-v2-login", does this endpoint do SSO? #99

Open
ccampb19 opened this issue Sep 28, 2022 · 5 comments

ccampb19 commented Sep 28, 2022

Harking back to issue #60, here is my poorly redacted log:

Using selector: EpollSelector
[info     ] Authenticating to VPN endpoint [openconnect_sso.app] address=vpn.company.com name=
Starting new HTTPS connection (1): vpn.company.com:443
https://vpn.company.com:443 "GET / HTTP/1.1" 200 None
[debug    ] Auth target url                [openconnect_sso.authenticator] url=https://vpn.company.com/
[debug    ] Sending auth init request      [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="init" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <group-select></group-select>\n  <group-access>https://vpn.company.com/</group-access>\n  <capabilities>\n    <auth-method>single-sign-on-v2</auth-method>\n  </capabilities>\n</config-auth>\n'
Starting new HTTPS connection (1): vpn.company.com:443
https://vpn.company.com:443 "POST / HTTP/1.1" 200 None
[debug    ] Auth init response received    [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>Company</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<group-alias>Default-Company</group-alias>\n<config-hash>1659023304101</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please complete the authentication process in the AnyConnect Login window.</message>\n<banner></banner>\n<sso-v2-login>https://vpn.company.com/+CSCOE+/saml/sp/login?tgname=Company&#x26;acsamlcap=v2</sso-v2-login>\n<sso-v2-login-final>https://vpn.company.com/+CSCOE+/saml_ac_login.html</sso-v2-login-final>\n<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>\n<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>\n<form>\n<input type="sso" name="sso-token"></input>\n<select name="group_list" label="GROUP:">\n<option selected="true">Default-Company</option>\n<option>Housing</option>\n<option>Merage</option>\n<option>MerageFull</option>\n<option>PTS</option>\n<option>Company-Reserved</option>\n<option>Company-classic</option>\n<option>CompanyFull</option>\n<option>CompanyFull-classic</option>\n<option>WebVPN</option>\n</select>\n</form>\n</auth>\n<host-scan>\n<host-scan-ticket>4082479E2CC9F1D90CF74420</host-scan-ticket>\n<host-scan-token>10AEE72331F0F85213BEE4DD</host-scan-token>\n<host-scan-base-uri>/CACHE</host-scan-base-uri>\n<host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n</host-scan>\n</config-auth>\n'
[info     ] Response received              [openconnect_sso.authenticator] id=main message=Please complete the authentication process in the AnyConnect Login window. title=Login
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[info     ] Browser started                [webengine] startup_info=StartupInfo(url='https://vpn.company.com/+CSCOE+/saml/sp/login?tgname=Company&acsamlcap=v2', credentials=None)
[info     ] Loading page                   [webengine] url=https://vpn.company.com/+CSCOE+/saml/sp/login?tgname=Company&acsamlcap=v2
[debug    ] Cookie set                     [webengine] name=hac|DU6WHJOVYT3QRJXKO89P|DAXN5GYZT302FJRPXZQL
[debug    ] Cookie set                     [webengine] name=trc|DU6WHJOVYT3QRJXKO89P|DAXN5GYZT302FJRPXZQL
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='hac|DU6WHJOVYT3QRJXKO89P|DAXN5GYZT302FJRPXZQL', value='|xxx.xxx.xxx.xxx|1234567890|c7fac99d86ee3288ac7f81fc7181419edc0f2eba')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='trc|DU6WHJOVYT3QRJXKO89P|DAXN5GYZT302FJRPXZQL', value='EP6GJA2H4UVVHEWGKLDZ')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Cookie set                     [webengine] name=webvpnLang
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnLang', value='en')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Cookie set                     [webengine] name=acsamlcap
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Cookie set                     [webengine] name=tg
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acsamlcap', value='v2')
[debug    ] Cookie set                     [webengine] name=acSamlv2Error
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='tg', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Error', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Cookie set                     [webengine] name=JSESSIONID
[debug    ] Cookie set                     [webengine] name=DCA0_core_svcs
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='JSESSIONID', value='9E63866BB9715BDC1FF333C2B9A8883E')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='DCA0_core_svcs', value='!cdKJPCmRKFIYv18wOBXHXiXo71wVbi6hhJJt1jyEDA7EaLKE2HeE5Vws3DM7T8L2bUWgl5yeGBTBUgIUIQBNyf7lqmGx6qZYzs9QZ5F/')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Page loaded                    [webengine] url=https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s1
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s1
[debug    ] Cookie set                     [webengine] name=ucinetid_auth
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ucinetid_auth', value='no_key')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Page loaded                    [webengine] url=https://login.company.com/ucinetid/webauth?return_url=https://shib.service.company.com/idp/Authn/RemoteUser?conversation=e1s2
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://login.company.com/ucinetid/webauth?return_url=https://shib.service.company.com/idp/Authn/RemoteUser?conversation=e1s2')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://login.company.com/ucinetid/webauth?return_url=https://shib.service.company.com/idp/Authn/RemoteUser?conversation=e1s2
[debug    ] Cookie set                     [webengine] name=ucinetid_auth
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ucinetid_auth', value='AzqNTdfLl2StTATDOQHDtGEw009lpgwnQJ9awq6687ILlaiwwbd1c712zH7fPtlZ')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Page loaded                    [webengine] url=https://login.company.com/ucinetid/webauth?return_url=https://shib.service.company.com/idp/Authn/RemoteUser?conversation=e1s2
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://login.company.com/ucinetid/webauth?return_url=https://shib.service.company.com/idp/Authn/RemoteUser?conversation=e1s2')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://login.company.com/ucinetid/webauth?return_url=https://shib.service.company.com/idp/Authn/RemoteUser?conversation=e1s2
[debug    ] Cookie set                     [webengine] name=_xsrf
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='_xsrf', value='"NzBjNWI2OTFhZTU3NGQ4MjliNTk5NTVjOGRhN2NkNGQ=|xxx.xxx.xxx.xxx|1234567890|cd63339e7a2a2e4cd61b73c3661f0d133b72845a"')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Page loaded                    [webengine] url=https://login.company.com/duo/webauth?return_url=https%3A%2F%2Fshib.service.company.com%2Fidp%2FAuthn%2FRemoteUser%3Fconversation%3De1s2
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://login.company.com/duo/webauth?return_url=https%3A%2F%2Fshib.service.company.com%2Fidp%2FAuthn%2FRemoteUser%3Fconversation%3De1s2')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://login.company.com/duo/webauth?return_url=https%3A%2F%2Fshib.service.company.com%2Fidp%2FAuthn%2FRemoteUser%3Fconversation%3De1s2
js: JQMIGRATE: jQuery.parseJSON is deprecated; use JSON.parse
js: JQMIGRATE: jQuery.fn.keypress() event shorthand is deprecated
js: JQMIGRATE: jQuery.fn.keydown() event shorthand is deprecated
[debug    ] Cookie set                     [webengine] name=cookietest
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='cookietest', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Cookie set                     [webengine] name=fdc|DI5OCA2PW93F6CIDK583|DU6WHJOVYT3QRJXKO89P
[debug    ] Cookie set                     [webengine] name=hac|DU6WHJOVYT3QRJXKO89P|DAXN5GYZT302FJRPXZQL
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fdc|DI5OCA2PW93F6CIDK583|DU6WHJOVYT3QRJXKO89P', value='REk1T0NBMlBXOTNGNkNJREs1ODN8RFU2V0hKT1ZZVDNRUkpYS084OVB8M2U0N2RlYjEtYmFjNy00NDgzLWJhNTItOWIyMTYxYmExZGU1||1664342513|46f75b710db21f0a16fda8d384012b27edc49d71')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='hac|DU6WHJOVYT3QRJXKO89P|DAXN5GYZT302FJRPXZQL', value='|xxx.xxx.xxx.xxx|1234567890|dcde01005ebee7cfd4b78c6dfb4b0082a296a59d')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Cookie set                     [webengine] name=shib_idp_session
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='shib_idp_session', value='9b518829925286f9809ee16230bd95efdd6c615e5094ecd0615c7b67b2087491')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Page loaded                    [webengine] url=https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s3
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s3')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s3
[debug    ] Page loaded                    [webengine] url=https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s3
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s3')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://shib.service.company.com/idp/profile/SAML2/Redirect/SSO;jsessionid=9E63866BB9715BDC1FF333C2B9A8883E?execution=e1s3
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Page loaded                    [webengine] url=https://vpn.company.com/+CSCOE+/saml/sp/acs?tgname=Company
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.company.com/+CSCOE+/saml/sp/acs?tgname=Company')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.company.com/+CSCOE+/saml/sp/acs?tgname=Company
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Cookie set                     [webengine] name=acSamlv2Token
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Token', value='6B2B167C59B7596F041DD44')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Page loaded                    [webengine] url=https://vpn.company.com/+webvpn+/index.html
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.company.com/+webvpn+/index.html')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.company.com/+webvpn+/index.html
[debug    ] Page loaded                    [webengine] url=https://vpn.company.com/+CSCOE+/saml_ac_login.html
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.company.com/+CSCOE+/saml_ac_login.html')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser] 
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.company.com/+CSCOE+/saml_ac_login.html
[info     ] Terminate requested.           [webengine] 
[info     ] Exiting browser                [webengine] 
[info     ] Browser exited                 [openconnect_sso.browser.browser] 
[debug    ] Sending auth finish request    [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="auth-reply" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <session-token/>\n  <session-id/>\n  <opaque is-for="sg">\n    <tunnel-group>Company</tunnel-group>\n    <auth-method>single-sign-on-v2</auth-method>\n    <group-alias>Default-Company</group-alias>\n    <config-hash>1659023304101</config-hash>\n  </opaque>\n  <auth>\n    <sso-token>6B2B167C59B7596F041DD44</sso-token>\n  </auth>\n</config-auth>\n'
https://vpn.company.com:443 "POST / HTTP/1.1" 200 None
[debug    ] Auth finish response received  [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>Company</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<group-alias>Default-Company</group-alias>\n<config-hash>1659023304101</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please enter your CompanynetID and password&#x0A;&#x0A;Use all lower case letters for your CompanynetID</message>\n<banner></banner>\n<error id="13" param1="" param2="">Unable to complete connection: Cisco Secure Desktop not installed on the client</error>\n<form>\n<select name="group_list" label="GROUP:">\n<option selected="true">Default-Company</option>\n<option>Housing</option>\n<option>Merage</option>\n<option>MerageFull</option>\n<option>PTS</option>\n<option>Company-Reserved</option>\n<option>Company-classic</option>\n<option>CompanyFull</option>\n<option>CompanyFull-classic</option>\n<option>WebVPN</option>\n</select>\n</form>\n</auth>\n<host-scan>\n<host-scan-ticket>2A3C1F262D3DD28123511E68</host-scan-ticket>\n<host-scan-token>0B8A1D8B6686E75A221A8B05</host-scan-token>\n<host-scan-base-uri>/CACHE</host-scan-base-uri>\n<host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n</host-scan>\n</config-auth>\n'
[error    ] Required attributes not found in response ("no such child: sso-v2-login", does this endpoint do SSO?), exiting [openconnect_sso.app] 
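
An added diagnostic, not part of the issue or of openconnect-sso's own code: it parses trimmed copies of the two gateway responses from the log above and reports which SSO fields are absent and what the gateway's `<error>` element says, detail the "no such child" message does not show. The function name `diagnose` and the trimmed samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the two responses in the log above.
INIT_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
<auth id="main">
<sso-v2-login>https://vpn.company.com/+CSCOE+/saml/sp/login?tgname=Company&#x26;acsamlcap=v2</sso-v2-login>
<sso-v2-login-final>https://vpn.company.com/+CSCOE+/saml_ac_login.html</sso-v2-login-final>
<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>
<form><select name="group_list" label="GROUP:">
<option selected="true">Default-Company</option><option>WebVPN</option>
</select></form>
</auth>
<host-scan><host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri></host-scan>
</config-auth>"""

FINISH_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
<auth id="main">
<error id="13" param1="" param2="">Unable to complete connection: Cisco Secure Desktop not installed on the client</error>
<form><select name="group_list" label="GROUP:">
<option selected="true">Default-Company</option><option>WebVPN</option>
</select></form>
</auth>
<host-scan><host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri></host-scan>
</config-auth>"""

SSO_FIELDS = ("sso-v2-login", "sso-v2-login-final", "sso-v2-token-cookie-name")


def diagnose(xml_bytes):
    """Summarise a config-auth response without assuming any child exists."""
    root = ET.fromstring(xml_bytes)
    auth = root.find("auth")
    if auth is None:
        auth = ET.Element("auth")  # empty stand-in so the lookups below return None
    error = auth.find("error")
    options = auth.findall("./form/select[@name='group_list']/option")
    return {
        "type": root.get("type"),
        # SSO children the client expects but the gateway did not send
        "missing_sso_fields": [f for f in SSO_FIELDS if auth.find(f) is None],
        # The gateway's own explanation, if it sent one
        "error_id": error.get("id") if error is not None else None,
        "error_text": error.text if error is not None else None,
        "host_scan_requested": root.find("host-scan") is not None,
        "groups": [o.text for o in options],
        "selected_group": next(
            (o.text for o in options if o.get("selected") == "true"), None),
    }


if __name__ == "__main__":
    for name, raw in (("init", INIT_RESPONSE), ("finish", FINISH_RESPONSE)):
        print(name, diagnose(raw))
```
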

@joneswac

I'm experiencing this as well. A simple flexibility in the XML parsing -- even accepting a custom <auth-method> string would suffice.


unode commented Jan 9, 2024

I'm seeing this as well.
Does anyone have any suggestions or workarounds?

@Wojciechem

What helped for me (with a similar issue; I did not get to the auth finish request before) was passing the group in --server, like:

openconnect-sso --server vpn.company.domain/group

where "group" is the thing you can select from the list in the Cisco AnyConnect client.


733amir commented Jun 6, 2024

Getting the same error. I passed the option you select in the Cisco AnyConnect dropdown to --authgroup GROUP and it worked for me.


adminy commented Jul 3, 2024

Solved with #181
