On Sun, Feb 16, 2014 at 7:32 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On 02/16/2014 10:25 AM, Steve wrote:
>> AnyConnect iOS client, input wrong password when connect will lead to
>> "unexpected error" after a long time(5-8s) other than reprompt user
>> credential input.
>
> What is the expected error to be sent from anyconnect servers when a
> wrong password is sent?

On ocserv I see a "503 Service Unavailable" response and the client gives up.

On nearly all ASAs I see a "200 OK" HTTP response and a "Login failed"
message. Like a login form on a website. (Although there was one
recent post regarding a server that returned "204 No Content" in
non-xmlpost mode; still don't know what was going on there.)

POST https://asa/
> POST / HTTP/1.1
> Host: asa
> User-Agent: Open AnyConnect VPN Agent v5.03-177-gff2c518
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Pad: 000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 412
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="auth-reply"><version who="vpn">v5.03-177-gff2c518</version><device-id>linux-64</device-id><opaque is-for="sg">
> <tunnel-group>default</tunnel-group>
> <group-alias>d</group-alias>
> <config-hash>1392005870113</config-hash>
> </opaque><auth><username>baduser</username><password>badpass</password></auth><group-select>d</group-select></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 16 Feb 2014 16:27:39 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request">
< <version who="sg">8.4(4)5</version>
< <opaque is-for="sg">
< <tunnel-group>default</tunnel-group>
< <group-alias>d</group-alias>
< <config-hash>1392005870113</config-hash>
< </opaque>
< <auth id="main">
< <title>Login</title>
< <message>Please enter your username and password.</message>
< <error id="15" param1="" param2="">Login failed.</error>
< <form>
< <input type="text" name="username" label="Username:"></input>
< <input type="password" name="password" label="Password:"></input>
< <select name="group_list" label="GROUP:">
< <option>alt</option>
< <option selected="true">d</option>
< </select>
< </form>
< </auth>
< </config-auth>
Login failed.
Please enter your username and password.
Username:
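
The two server behaviours described in the message above (a non-200 status such as ocserv's 503, versus the ASA's "200 OK" carrying a fresh auth-request with an <error> element), as an added example that is not part of the original message and not OpenConnect's or ocserv's code: a Python sketch of how a client could classify the reply and decide whether to reprompt. The function name, the returned dict keys and the trimmed sample body are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ASA body from the trace above, trimmed to the parts used here.
ASA_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request">
<version who="sg">8.4(4)5</version>
<auth id="main">
<title>Login</title>
<message>Please enter your username and password.</message>
<error id="15" param1="" param2="">Login failed.</error>
<form>
<input type="text" name="username" label="Username:"></input>
<input type="password" name="password" label="Password:"></input>
</form>
</auth>
</config-auth>"""


def classify_auth_response(status, body):
    """Return {'action': 'reprompt' | 'prompt' | 'abort', ...} for the reply to an auth-reply POST."""
    if status != 200:
        # e.g. the 503 seen from ocserv: there is no form to show, so the client gives up.
        return {"action": "abort", "reason": "HTTP %d" % status}
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        # The body is server-controlled input; refuse DTDs rather than expand entities.
        return {"action": "abort", "reason": "DTD in response"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return {"action": "abort", "reason": "bad XML: %s" % exc}
    if root.tag != "config-auth" or root.get("type") != "auth-request":
        return {"action": "abort", "reason": "not an auth-request"}
    auth = root.find("auth")
    if auth is None or auth.find("form") is None:
        return {"action": "abort", "reason": "no login form"}
    fields = [(i.get("name"), i.get("type")) for i in auth.iter("input")]
    error = auth.find("error")
    if error is not None:
        # Same form again plus <error>: credentials were rejected, ask the user again.
        return {"action": "reprompt", "error_id": error.get("id"),
                "error": (error.text or "").strip(), "fields": fields}
    return {"action": "prompt", "fields": fields}
```

Only the cases visible in the trace are handled; any other document type is treated as a reason to abort rather than guessed at.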