On Thu, Jul 31, 2014 at 8:21 AM, Mark Kolmar <mark at burningrome.com> wrote: >> If you don't use "openconnect --token-mode" at all, can you log on by >> manually typing the appropriate password into each blank? > > > No. OpenConnect prompts for one password (not counting the one to access the > token). The website login page only displays 2 input fields, username and > password. This works on the old VPN where tokens are not used. > > The websites do have a page that has input fields for username and one-time > password. Whether I enter a possibly correct or definitely wrong one-time > password makes no difference. On submit, it continues to the login page. > There, prefix+tokencode and the AD password both fail. > > The company thinks the website will not work on the new VPN. I am starting > to get the impression that this Cisco VPN server with Cisco client > communicate differently, that it may not be possible for OpenConnect to pass > the required credentials in the expected way through HTTP over SSL. Could you please post or email the hostname so I can look at the auth form? Thanks.
