Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1270498

Bug#1099497: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized - Cisco AnyConnect external authentication (SAML) when connecting to /CSCOSSLC/tunnel

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.bugs.dist
Subject Bug#1099497: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized - Cisco AnyConnect external authentication (SAML) when connecting to /CSCOSSLC/tunnel
Date 2025-11-17 14:20 +0100
Message-ID <LS7jc-dDNX-5@gated-at.bofh.it> (permalink)
References <KmttT-3tCf-5@gated-at.bofh.it> <LCcPU-2Ib5-15@gated-at.bofh.it> <KmttT-3tCf-5@gated-at.bofh.it> <LCcPU-2Ib5-15@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

Control: tags -1 + patch

Hi Luca, hi all following this bug,

As I believe this issue affects quite some users in institutions I'm
aware of -- after having got updates on the Cisco ASA side -- with VPN
clients resulting in not able to connect (think of not going dong to
the openconnect cli, but using via NetworkManager), I have prepared a
MR for this issue.

It is at https://salsa.debian.org/debian/openconnect/-/merge_requests/8

I'm open to propose it as NMU, and then work with the SRM to get the
same as well accepted at least for trixie in a next point release (I
know htere is one other yet open, and which was not accepted for the
13.2 point release yet).

I'm not sure yet if it is possible to backport the same to bookworm
for oldstable via the next point release, but would like to work on it
first top-down.

I'm not attaching a proposed debdiff, as the changes as for the
unstable version (modulo the NMU changelog entry) are in the merge
request !8.

Please reconsider the severity of wishlist, I think important would
be more appropriate here, as the issue renders some functional issues
for users. In some cases apparently down to the CLI using
--gnutls-priority argumetns as needed or --no-external-auth might
work, but that does not help users which use NetworkManager to
configure the VPN connection.

Thanks for your work on this package!

Regards,
Salvatore

Back to linux.debian.bugs.dist | Previous | NextNext in thread | Find similar | Unroll thread

Thread

Bug#1099497: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized - Cisco AnyConnect external authentication (SAML) when connecting to /CSCOSSLC/tunnel Salvatore Bonaccorso <carnil@debian.org> - 2025-11-17 14:20 +0100
  Bug#1099497: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized - Cisco AnyConnect external authentication (SAML) when connecting to /CSCOSSLC/tunnel Salvatore Bonaccorso <carnil@debian.org> - 2025-12-10 08:40 +0100
    Bug#1099497: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized - Cisco AnyConnect external authentication (SAML) when connecting to /CSCOSSLC/tunnel "Barak A. Pearlmutter" <barak@cs.nuim.ie> - 2025-12-10 11:20 +0100

csiph-web