I have a couple of problems I'm hoping to get some help with. First, openconnect is sending my token in the wrong field; the server I'm connecting to expects it in the secondary_password field. I can connect fine when entering the credentials manually. Is there a way to specify the field to use for the token? Or to switch them around? Secondly, even when using --passwd-on-stdin, I am prompted for a password. I'm not sure if this is related to the mixup above. Stoken is configured with no password and the pin is stored; I can run `stoken` and it prints out a token with no interaction required. Here's the command I'm running, and the output I'm seeing(with things redacted of course): echo 'password' | openconnect --user=myusername --token-mode=rsa https://myserver.tld/ --passwd-on-stdin -vvvv --timestamp --dump-http-traffic [2017-12-28 16:24:16] Soft token init was successful. [2017-12-28 16:24:16] POST REDACTED [2017-12-28 16:24:16] Attempting to connect to server REDACTED:443 [2017-12-28 16:24:16] SSL negotiation with REDACTED [2017-12-28 16:24:16] Connected to HTTPS on REDACTED [2017-12-28 16:24:16] > POST REDACTED HTTP/1.1 [2017-12-28 16:24:16] > Host: REDACTED [2017-12-28 16:24:16] > User-Agent: Open AnyConnect VPN Agent v7.06 [2017-12-28 16:24:16] > Accept: */* [2017-12-28 16:24:16] > Accept-Encoding: identity [2017-12-28 16:24:16] > X-Transcend-Version: 1 [2017-12-28 16:24:16] > X-Aggregate-Auth: 1 [2017-12-28 16:24:16] > X-AnyConnect-Platform: linux-64 [2017-12-28 16:24:16] > X-Support-HTTP-Auth: true [2017-12-28 16:24:16] > X-Pad: 00000000000000000000000 [2017-12-28 16:24:16] > Content-Type: application/x-www-form-urlencoded [2017-12-28 16:24:16] > Content-Length: 233 [2017-12-28 16:24:16] > [2017-12-28 16:24:16] > <?xml version="1.0" encoding="UTF-8"?> [2017-12-28 16:24:16] > <config-auth client="vpn" type="init"><version who="vpn">v7.06</version><device-id>linux-64</device-id><group-access>REDACTED</group-access></config-auth> [2017-12-28 16:24:16] Got HTTP response: HTTP/1.1 200 OK [2017-12-28 16:24:16] Content-Type: text/html; charset=utf-8 [2017-12-28 16:24:16] Transfer-Encoding: chunked [2017-12-28 16:24:16] Cache-Control: no-cache [2017-12-28 16:24:16] Pragma: no-cache [2017-12-28 16:24:16] Connection: Keep-Alive [2017-12-28 16:24:16] Date: Thu, 28 Dec 2017 16:24:16 GMT [2017-12-28 16:24:16] X-Frame-Options: SAMEORIGIN [2017-12-28 16:24:16] X-Aggregate-Auth: 1 [2017-12-28 16:24:16] HTTP body chunked (-2) [2017-12-28 16:24:16] < <?xml version="1.0" encoding="UTF-8"?> [2017-12-28 16:24:16] < <config-auth client="vpn" type="auth-request"> [2017-12-28 16:24:16] < <opaque is-for="sg"> [2017-12-28 16:24:16] < <tunnel-group>REDACTED</tunnel-group> [2017-12-28 16:24:16] < <config-hash>REDACTED</config-hash> [2017-12-28 16:24:16] < </opaque> [2017-12-28 16:24:16] < <auth id="main"> [2017-12-28 16:24:16] < <title>Login</title> [2017-12-28 16:24:16] < <message>Please enter your username and password.</message> [2017-12-28 16:24:16] < <banner></banner> [2017-12-28 16:24:16] < <form> [2017-12-28 16:24:16] < <input type="text" name="username" label="Username:"></input> [2017-12-28 16:24:16] < <input type="password" name="password" label="Password:"></input> [2017-12-28 16:24:16] < <input type="password" name="secondary_password" label="Password:"></input> [2017-12-28 16:24:16] < </form> [2017-12-28 16:24:16] < </auth> [2017-12-28 16:24:16] < </config-auth> [2017-12-28 16:24:16] OK to generate INITIAL tokencode [2017-12-28 16:24:16] XML POST enabled Please enter your username and password. Password: fgets (stdin): Inappropriate ioctl for device If I don't use the password on stdin and type it in manually, then the first attempt at entering my password fails, I see the request openconnect made gets and uses a correct token for the <password> field and my password for the <secondary_password> field, then logs a line saying it failed and makes me enter my credentials manually: [2017-12-28 16:35:05] Server is rejecting the soft token; switching to manual entry Login failed. Please enter your username and password. Username: <MYUSERNAME> Password: <MYPASSWORD> Password: <MYTOKEN> This connection request uses my password for the <password> field, and my token for the <secondary_password> field, and connects just fine. So I know all the pieces are working, but I'm trying to have this come up without any interaction required. My system: Ubuntu 16.04.3 LTS Openconnect 7.06-2build2 (From the official universe ubuntu package repository) Let me know if there are any other details I can provide. Thanks in advance for any help! Keith
