I was, up until very recently, using openconnect and NetworkManager-openconnect to connect to my work VPN. I had a private hack to make the stoken stuff work (it was submitted in an email on this list) as well as another hack to deal with our token form not having the same expected form type. A couple of weeks ago we moved to a whole new login flow, where we now are redirected to a saml login page for authentication and then prompted to choose one of two types of MFA access - token code or mobile application notification based. With the more complicated flow I've had to switch back to the pulse secure client which embeds a webkitgtk UI to handle those flows. Just curious but is there anyone working on some similar flow support with NetworkManager-openconnect? I'm guessing that this type of authentication is way outside of the scope of openconnect's built in html client. (Pulse Secure's cli client can't handle this login flow either). Unfortunately I'm so removed from c/c++ programming that I wouldn't even know where to begin on something like this, but just wondering if there's anything on the horizon I can help with, even if it's just being able to test stuff. Thanks,
