On 10/4/18 11:23 AM, David Woodhouse wrote: > Ah, I suspect the issue here is that the "form" at the end isn't > actually asking for anything. So we fail to parse it (or at least fail > to send any kind of response). > > We should send back the hostscan token even if there's no username or > password or anything else. David, Is the <authentication-complete> tag the key to this, by any chance?? I'm just guessing (I don't know the protocol) but I don't see it being handled in the code. I tried adding some code to handle it but I'm not really sure what to do with it; my first attempt failed (i.e. exiting handle_auth_form() with OC_FORM_RESULT_OK if the tag has been seen). Thanks, ~ray
