Pulse: Password change request not supported

Joerg Mayer <jmayer@xxxxxxxxx> · Thu, 12 Dec 2019 03:45:43 +0100

Hello,

every N days, openconnect fails because after entering my credentials,
I'd need to change my password, which is not supported in openconnect:

# openconnect --passwd-on-stdin --printcookie --background --protocol=nc --user=<user> --resolve=<host>:<ip> --servercert pin-sha256:<servercerthash> https://<host>/<group>
GET https://<host>/<group>
Connected to <ip>:443
SSL negotiation with <host>
Server certificate verify failed: signer not found
Connected to HTTPS on <host>
Got HTTP response: HTTP/1.1 302 Found
GET https://<host>/dana-na/auth/url_IdCusHyh0Dq3HApz/welcome.cgi
SSL negotiation with <host>
Server certificate verify failed: signer not found
Connected to HTTPS on <host>
frmLogin
password#2:
POST https://<host>/dana-na/auth/url_IdCusHyh0Dq3HApz/login.cgi
Got HTTP response: HTTP/1.1 302 Moved
GET https://<host>/dana-na/auth/url_IdCusHyh0Dq3HApz/welcome.cgi?p=passwordChange&stateId=state_598a2539f8f54058a3be22394a409ec6&type=2
Unknown form ID 'frmChgPasswd'
Dumping unknown HTML form:
<form id="frmChgPasswd_5" autocomplete="off" method="post" name="frmChgPasswd" action="welcome.cgi">
     <table id="table_PasswordChange_3">
        <input id="username_17" type="hidden" name="username" value="dkx89om">
        <input id="authserver_7" type="hidden" name="authserver" value="3">
        <input id="realmId_7" type="hidden" name="realmId" value="3">
        <input id="p_12" type="hidden" name="p" value="passwordChange">
        <input id="stateId_5" type="hidden" name="stateId" value="state_598a2539f8f54058a3be22394a409ec6">
        <tr>
                <td colspan="2">&nbsp;</td>
        </tr>
        <tr>
                        <td>Old Password</td>
                        <td><input id="oldPassword_3" type="password" name="oldPassword" size="20"></td>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
        </tr>
        <tr>
                        <td>New Password</td>
                        <td><input id="newPassword_3" type="password" size="20" name="newPassword"></td>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
        </tr>
        <tr>
                        <td>Confirm Password</td>
                        <td><input id="confirmPassword_3" type="password" size="20" name="confirmPassword"></td>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
        </tr>
        <tr>
                        <td>&nbsp;</td>
                        <td><input id="passwordChange_3" type="submit" name="passwordChange" value="Change Password"></td>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
        </tr>
     </table>
     </form>Failed to obtain WebVPN cookie

Password2 is an OTP.

With older versions of openconnect, I would rerun my wrapper script in
interactive mode and change my password. Looks like this stopped working.
Please note that this was not necessariliy caused by an openconnect change
but may have been caused by an update of the serversoftware which occurred
as well since I was last required to change my password.

Is there a way to properly handle password change requests in openconnect?
A workaround is simple enough - connect via browser and change the password,
but a native solution would be preferred :-)

Kind regards
    Jörg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel