Unable to parse response from login.microsoftonline.com using F5 BIG-IP SSL VPN protocol

[stemann]

Any suggestions for getting VPN log-in going for login.microsoftonline.com (using user name, password and a MFA/2FA token).

The following should work from anywhere - error is displayed even for bogus user name and empty password and TOTP secret (it is not required):

$ openconnect-sso -l DEBUG -s vpn.posten.cloud --user [email protected] -- --protocol=f5
Using selector: EpollSelector
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading libsecret
Loading macOS
[info     ] Cannot retrieve saved password from keyring. [openconnect_sso.config] 
Password ([email protected]): 
[info     ] Cannot save password to keyring. [openconnect_sso.config] 
[info     ] Cannot retrieve saved totp info from keyring. [openconnect_sso.config] 
TOTP secret (leave blank if not required) ([email protected]): 
[info     ] Cannot save totp secret to keyring. [openconnect_sso.config] 
[info     ] Authenticating to VPN endpoint [openconnect_sso.app] address=vpn.posten.cloud name=
Starting new HTTPS connection (1): vpn.posten.cloud:443
https://vpn.posten.cloud:443 "GET / HTTP/1.1" 302 0
Resetting dropped connection: vpn.posten.cloud
https://vpn.posten.cloud:443 "GET /my.policy HTTP/1.1" 302 0
Starting new HTTPS connection (1): login.microsoftonline.com:443
https://login.microsoftonline.com:443 "GET /a1ae5425-0bde-496e-8c5a-8a06b0d94277/oauth2/authorize?client_id=58e9a1ee-3df4-4b03-95dd-67bffdb518d5&redirect_uri=https%3A%2F%2Fvpn.posten.cloud%2Foauth%2Fclient%2Fredirect&response_type=code&scope=openid&state=5R9EQYWn9QtLYul57wMo7lQ&nonce=5ezwKAuMBLoQuynHdHLeHfQ HTTP/1.1" 200 14179
[debug    ] Auth target url                [openconnect_sso.authenticator] url=https://login.microsoftonline.com:443/a1ae5425-0bde-496e-8c5a-8a06b0d94277/oauth2/authorize
[debug    ] Sending auth init request      [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="init" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <group-select></group-select>\n  <group-access>https://login.microsoftonline.com:443/a1ae5425-0bde-496e-8c5a-8a06b0d94277/oauth2/authorize</group-access>\n  <capabilities>\n    <auth-method>single-sign-on-v2</auth-method>\n  </capabilities>\n</config-auth>\n'
Starting new HTTPS connection (1): login.microsoftonline.com:443
https://login.microsoftonline.com:443 "POST /a1ae5425-0bde-496e-8c5a-8a06b0d94277/oauth2/authorize HTTP/1.1" 200 20096
[debug    ] Auth init response received    [openconnect_sso.authenticator] content=b'\r\n\r\n<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->\r\n<!DOCTYPE html>\r\n<html dir="ltr" class="" lang="en">\r\n<head>\r\n    <title>Sign in to your account</title>\r\n    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\r\n    <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">\r\n    <meta http-equiv="Pragma" content="no-cache">\r\n    <meta http-equiv="Expires" content="-1">\r\n    <link rel="preconnect" href="https://aadcdn.msauth.net" crossorigin>\r\n<meta http-equiv="x-dns-prefetch-control" content="on">\r\n<link rel="dns-prefetch" href="//aadcdn.msauth.net">\r\n<link rel="dns-prefetch" href="//aadcdn.msftauth.net">\r\n\r\n    <meta name="PageID" content="ConvergedError" />\r\n    <meta name="SiteID" content="" />\r\n    <meta name="ReqLC" content="1033" />\r\n    <meta name="LocLC" content="en-US" />\r\n\r\n        <meta name="referrer" content="origin" />\r\n\r\n        <meta name="format-detection" content="telephone=no" />\r\n\r\n    <noscript>\r\n        <meta http-equiv="Refresh" content="0; URL=" />\r\n    </noscript>\r\n\r\n    \r\n    \r\n<meta name="robots" content="none" />\r\n\r\n<script type="text/javascript">//<![CDATA[\n$Config={"iErrorDesc":0,"iErrorTitle":0,"strMainMessage":"We received a bad request.","strAdditionalMessage":"","strServiceExceptionMessage":"AADSTS90013: Invalid input received from the user.","strTraceId":"14ff5aa7-ad27-46e5-8171-d6304393c300","iErrorCode":90013,"iHttpErrorCode":400,"iViewId":1,"urlCancel":"","strTimestamp":"2023-10-27T09:54:14Z","fShowIssuerHintErrorStrings":true,"urlLearnMoreRiskyApp":"https://go.microsoft.com/fwlink/?linkid=2133457","oResumePostParams":{},"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlFooterTOU":"https://www.microsoft.com/en-US/servicesagreement/","urlFooterPrivacy":"https://privacy.microsoft.com/en-US/privacystatement","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.microsoftonline.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fIsRemoteNGCSupported":true,"fUseSameSite":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fMergeComplexBrandingProperties":true,"fUseAltText":true,"fRemoveCustomCss":true,"fAddRtlCustomCssSupport":true,"fFixLightboxHeaderMargin":true,"fFixUICrashForApiRequestHandler":true,"fDeprecateBrandingProperties":true,"fFixDynamicTenantBranding":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"scid":1013,"hpgact":1800,"hpgid":1117,"pgid":"ConvergedError","apiCanary":"PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPQwwngwi2eYbYs5ShAkiE8CsaFpQVlVSGl0r5SZ7wFcWLJ1JVI_WIAHIYG5StaydmhihGTpJV5dRvYa6LJjhXzbDt0PICOkH1tzaZGl7vcvAy0mxlORghpFNzqMTWBqw0KdSZt4uV1BiuiVcTjMFCOCKmEaCiQGeJgj5QvGF1IWmTEGfDwA-P_X1t8FOVFRoJIAO7muER9xSbqONpOLYu4SAA","canary":"e4C+HslPyFmQRQgfLderLn0fBL0tQI9jPgvxZGpGXXE=3:1:CANARY:yyBbFTuq8t/tGl8yf0TLNiMcI0luo5Gij/kS6Z8osV0=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"b1587c15-8b75-420e-8865-0128184833c9","sessionId":"14ff5aa7-ad27-46e5-8171-d6304393c300","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://login.microsoftonline.com/common/instrumentation/reportpageload","dssostatus":"https://login.microsoftonline.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"_Linux":1,"Full":1,"RE_Other":1,"b":{"name":"Other","major":-1,"minor":-1},"os":{"name":"Linux","version":""},"V":-1},"watson":{"url":"/common/handlers/watson","bundle":"https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js","sbundle":"https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js","fbundle":"https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js","resetErrorPeriod":5,"maxCorsErrors":-1,"maxInjectErrors":5,"maxErrors":10,"maxTotalErrors":3,"expSrcs":["https://login.microsoftonline.com","https://aadcdn.msauth.net/","https://aadcdn.msftauth.net/",".login.microsoftonline.com"],"envErrorRedirect":true,"envErrorUrl":"/common/handlers/enverror"},"loader":{"cdnRoots":["https://aadcdn.msauth.net/","https://aadcdn.msftauth.net/"],"logByThrowing":true},"serverDetails":{"slc":"ProdSlices","dc":"WEULR1","ri":"AM2XXXX","ver":{"v":[2,1,16571,6]},"rt":"2023-10-27T09:54:14","et":0},"clientEvents":{"enabled":true,"telemetryEnabled":true,"useOneDSEventApi":true,"flush":60000,"autoPost":true,"autoPostDelay":1000,"minEvents":1,"maxEvents":1,"pltDelay":500,"appInsightsConfig":{"instrumentationKey":"b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951","webAnalyticsConfiguration":{"autoCapture":{"jsError":true}}},"defaultEventName":"IDUX_ESTSClientTelemetryEvent_WebWatson","serviceID":3,"endpointUrl":"https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/"},"fApplyAsciiRegexOnInput":true,"fBreakBrandingSigninString":true,"fTrimChromeBssoUrl":true,"inlineMode":5,"fTenantBrandingCdnAddEventHandlers":true};\n//]]></script> \r\n<script type="text/javascript">//<![CDATA[\n!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{\nvar c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,\nu=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){\nfor(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){\nr.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){\nreturn f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" \'"+(r.src||r.href||"")+"\'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){\nvar r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}\nif(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){\nvar r=g.createElement("script"),t=g.querySelector("script[nonce]");if(r.type="text/javascript",r.src=e,r.defer=!1,r.async=!1,t){var n=t.nonce||t.getAttribute("nonce");r.setAttribute("nonce",n)}return r}function s(e,r){var t=g.createElement(r);return t.src=e,t}function d(e,r){if(e&&e.length>0&&r){for(var t=0;t<e.length;t++){if(-1!==r.indexOf(e[t])){return!0}}}return!1}function l(r){if(e().fTenantBrandingCdnAddEventHandlers){var t=d($,r)?$:b;if(!(t&&t.length>1)){return r}for(var n=0;n<t.length;n++){\nif(-1!==r.indexOf(t[n])){var o=t[n+1<t.length?n+1:0],i=r.substring(t[n].length);return"https://"!==t[n].substring(0,"https://".length)&&(o="https://"+o,i=i.substring("https://".length)),o+i}}return r}if(!(b&&b.length>1)){return r}for(var a=0;a<b.length;a++){if(0===r.indexOf(b[a])){return b[a+1<b.length?a+1:0]+r.substring(b[a].length)}}return r}function f(e,t,n,o){if(r("[$Loader]: "+(w.failMessage||"Failed"),o),E[e].retry<y){return E[e].retry++,v(e,t,n),void c._ReportFailure(E[e].retry,E[e].srcPath)}n&&n()}\nfunction h(e,t,n,o){if(u(o)){return f(e,t,n,o)}r("[$Loader]: "+(w.successMessage||"Loaded"),o),v(e+1,t,n);var i=E[e].onSuccess;"function"==typeof i&&i(E[e].srcPath)}function v(e,o,i){if(e<E.length){var a=E[e];if(!a||!a.srcPath){return void v(e+1,o,i)}a.retry>0&&(a.srcPath=l(a.srcPath),a.origId||(a.origId=a.id),a.id=a.origId+"_Retry_"+a.retry);var s=n(a.srcPath,a.id,a.integrity,a.tagName);s.onload=function(){h(e,o,i,s)},s.onerror=function(){f(e,o,i,s)},s.onreadystatechange=function(){\n"loaded"===s.readyState?setTimeout(function(){h(e,o,i,s)},500):"complete"===s.readyState&&h(e,o,i,s)},t(s),r("[$Loader]: Loading \'"+(a.srcPath||"")+"\', id:"+(a.id||""))}else{o&&o()}}var p=e(),y=p.slMaxRetry||2,m=p.loader||{},b=m.cdnRoots||[],$=m.tenantBrandingCdnRoots||[],w=this,E=[];w.retryOnError=!0,w.successMessage="Loaded",w.failMessage="Error",w.Add=function(e,r,t,n,o,i){e&&E.push({"srcPath":e,"id":r,"retry":n||0,"integrity":t,"tagName":o||"script","onSuccess":i})},w.AddForReload=function(e,r){\nvar t=e.src||e.href||"";w.Add(t,"AddForReload",e.integrity,1,e.tagName,r)},w.AddIf=function(e,r,t){e&&w.Add(r,t)},w.Load=function(e,r){v(0,e,r)}}var d,l,f=window,g=f.document,h=".css";c.On=function(e,r,t){if(!e){throw"The target element must be provided and cannot be null."}r?c.OnError(e,t):c.OnSuccess(e,t)},c.OnSuccess=function(e,t){if(!e){throw"The target element must be provided and cannot be null."}if(u(e)){return c.OnError(e,t)}var n=e.src||e.href||"",o=i(),s=a();r("[$Loader]: Loaded",e);var d=new c\n;d.failMessage="Reload Failed",d.successMessage="Reload Success",d.Load(null,function(){if(o){throw"Unexpected state. ResourceLoader.Load() failed despite initial load success. [\'"+n+"\']"}s&&(document.location.href="/error.aspx?err=504")})},c.OnError=function(e,t){var n=e.src||e.href||"",o=i(),s=a();if(!e){throw"The target element must be provided and cannot be null."}r("[$Loader]: Failed",e);var u=new c;u.failMessage="Reload Failed",u.successMessage="Reload Success",u.AddForReload(e,t),\nu.Load(null,function(){if(o){throw"Failed to load external resource [\'"+n+"\']"}s&&(document.location.href="/error.aspx?err=504")}),c._ReportFailure(0,n)},c._ReportFailure=function(e,r){if(s()&&!t()){throw"[Retry "+e+"] Failed to load external resource [\'"+r+"\'], reloading from fallback CDN endpoint"}},f.$Loader=c}(),function(){function e(){if(!$){var e=new v.$Loader;e.AddIf(!v.jQuery,y.sbundle,"WebWatson_DemandSupport"),y.sbundle=null,delete y.sbundle,e.AddIf(!v.$Api,y.fbundle,"WebWatson_DemandFramework"),\ny.fbundle=null,delete y.fbundle,e.Add(y.bundle,"WebWatson_DemandLoaded"),e.Load(r,t),$=!0}}function r(){if(v.$WebWatson){if(v.$WebWatson.isProxy){return void t()}m.when("$WebWatson.full",function(){for(;b.length>0;){var e=b.shift();e&&v.$WebWatson[e.cmdName].apply(v.$WebWatson,e.args)}})}}function t(){if(!v.$WebWatson||v.$WebWatson.isProxy){if(!w&&JSON){try{var e=new XMLHttpRequest;e.open("POST",y.url),e.setRequestHeader("Accept","application/json"),\ne.setRequestHeader("Content-Type","application/json; charset=UTF-8"),e.setRequestHeader("canary",p.apiCanary),e.setRequestHeader("client-request-id",p.correlationId),e.setRequestHeader("hpgid",p.hpgid||0),e.setRequestHeader("hpgact",p.hpgact||0);for(var r=-1,t=0;t<b.length;t++){if("submit"===b[t].cmdName){r=t;break}}var o=b[r]?b[r].args||[]:[],i={"sr":y.sr,"ec":"Failed to load external resource [Core Watson files]","wec":55,"idx":1,"pn":p.pgid||"","sc":p.scid||0,"hpg":p.hpgid||0,\n"msg":"Failed to load external resource [Core Watson files]","url":o[1]||"","ln":0,"ad":0,"an":!1,"cs":"","sd":p.serverDetails,"ls":null,"diag":h(y)};e.send(JSON.stringify(i))}catch(e){}w=!0}y.loadErrorUrl&&window.location.assign(y.loadErrorUrl)}n()}function n(){b=[],v.$WebWatson=null}function o(r){return function(){var t=arguments;b.push({"cmdName":r,"args":t}),e()}}function i(){var e=["foundException","resetException","submit"],r=this;r.isProxy=!0;for(var t=e.length,n=0;n<t;n++){var i=e[n];i&&(r[i]=o(i))}\n}function a(e,r,t,n,o,i,a){var s=v.event;return i||(i=l(o||s,a?a+2:2)),v.$Debug&&v.$Debug.appendLog&&v.$Debug.appendLog("[WebWatson]:"+(e||"")+" in "+(r||"")+" @ "+(t||"??")),L.submit(e,r,t,n,o||s,i,a)}function s(e,r){return{"signature":e,"args":r,"toString":function(){return this.signature}}}function u(e){for(var r=[],t=e.split("\\n"),n=0;n<t.length;n++){r.push(s(t[n],[]))}return r}function c(e){for(var r=[],t=e.split("\\n"),n=0;n<t.length;n++){var o=s(t[n],[]);t[n+1]&&(o.signature+="@"+t[n+1],n++),r.push(o)\n}return r}function d(e){if(!e){return null}try{if(e.stack){return u(e.stack)}if(e.error){if(e.error.stack){return u(e.error.stack)}}else if(window.opera&&e.message){return c(e.message)}}catch(e){}return null}function l(e,r){var t=[];try{for(var n=arguments.callee;r>0;){n=n?n.caller:n,r--}for(var o=0;n&&o<E;){var i="InvalidMethod()";try{i=n.toString()}catch(e){}var a=[],u=n.args||n.arguments;if(u){for(var c=0;c<u.length;c++){a[c]=u[c]}}t.push(s(i,a)),n=n.caller,o++}}catch(e){t.push(s(e.toString(),[]))}\nvar l=d(e);return l&&(t.push(s("--- Error Event Stack -----------------",[])),t=t.concat(l)),t}function f(e){if(e){try{var r=/function (.{1,})\\(/,t=r.exec(e.constructor.toString());return t&&t.length>1?t[1]:""}catch(e){}}return""}function g(e){if(e){try{if("string"!=typeof e&&JSON&&JSON.stringify){var r=f(e),t=JSON.stringify(e);return t&&"{}"!==t||(e.error&&(e=e.error,r=f(e)),(t=JSON.stringify(e))&&"{}"!==t||(t=e.toString())),r+":"+t}}catch(e){}}return""+(e||"")}function h(e){var r=[];try{\nif(jQuery?(r.push("jQuery v:"+jQuery().jquery),jQuery.easing?r.push("jQuery.easing:"+JSON.stringify(jQuery.easing)):r.push("jQuery.easing is not defined")):r.push("jQuery is not defined"),e&&e.expectedVersion&&r.push("Expected jQuery v:"+e.expectedVersion),m){var t,n="";for(t=0;t<m.o.length;t++){n+=m.o[t]+";"}for(r.push("$Do.o["+n+"]"),n="",t=0;t<m.q.length;t++){n+=m.q[t].id+";"}r.push("$Do.q["+n+"]")}if(v.$Debug&&v.$Debug.getLogs){var o=v.$Debug.getLogs();o&&o.length>0&&(r=r.concat(o))}if(b){\nfor(var i=0;i<b.length;i++){var a=b[i];if(a&&"submit"===a.cmdName){try{if(JSON&&JSON.stringify){var s=JSON.stringify(a);s&&r.push(s)}}catch(e){r.push(g(e))}}}}}catch(e){r.push(g(e))}return r}var v=window,p=v.$Config||{},y=p.watson,m=v.$Do;if(!v.$WebWatson&&y){var b=[],$=!1,w=!1,E=10,L=v.$WebWatson=new i;L.CB={},L._orgErrorHandler=v.onerror,v.onerror=a,L.errorHooked=!0,m.when("jQuery.version",function(e){y.expectedVersion=e}),m.register("$WebWatson")}}(),function(){function e(e,r){\nfor(var t=r.split("."),n=t.length,o=0;o<n&&null!==e&&void 0!==e;){e=e[t[o++]]}return e}function r(r){var t=null;return null===u&&(u=e(i,"Constants")),null!==u&&r&&(t=e(u,r)),null===t||void 0===t?"":t.toString()}function t(t){var n=null;return null===a&&(a=e(i,"$Config.strings")),null!==a&&t&&(n=e(a,t.toLowerCase())),null!==n&&void 0!==n||(n=r(t)),null===n||void 0===n?"":n.toString()}function n(e,r){var n=null;return e&&r&&r[e]&&(n=t("errors."+r[e])),n||(n=t("errors."+e)),n||(n=t("errors."+c)),n||(n=t(c)),n}\nfunction o(t){var n=null;return null===s&&(s=e(i,"$Config.urls")),null!==s&&t&&(n=e(s,t.toLowerCase())),null!==n&&void 0!==n||(n=r(t)),null===n||void 0===n?"":n.toString()}var i=window,a=null,s=null,u=null,c="GENERIC_ERROR";i.GetString=t,i.GetErrorString=n,i.GetUrl=o}(),function(){var e=window,r=e.$Config||{};e.$B=r.browser||{}}();\n//]]></script> \r\n<script type="text/javascript">//<![CDATA[\n!function(t,e){!function(){var n=e.getElementsByTagName("head")[0];n&&n.addEventListener&&(n.addEventListener("error",function(e){null!==e.target&&"cdn"===e.target.getAttribute("data-loader")&&t.$Loader.OnError(e.target)},!0),n.addEventListener("load",function(e){null!==e.target&&"cdn"===e.target.getAttribute("data-loader")&&t.$Loader.OnSuccess(e.target)},!0))}()}(window,document);\n//]]></script>\r\n\r\n        <link rel="prefetch" href="" />\r\n            <link rel="shortcut icon" href="https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico" />\r\n\r\n    <script type="text/javascript">\r\n        ServerData = $Config;\r\n    </script>\r\n\r\n\r\n    \r\n    <link data-loader="cdn" crossorigin="anonymous" href="https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css" rel="stylesheet" />\r\n\r\n    <script data-loader="cdn" crossorigin="anonymous" src="https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedError_Core_8Lzol80BJFO3rA9QRjsGNA2.js" integrity=\'sha384-lJIfnjq2wOIY4/Uf4dh6fKbHUg74g+jYwdpaLz8yyii3bNbuo1+QCMNiBXOxIWMp\'></script>\r\n\r\n    <script data-loader="cdn" crossorigin="anonymous" src="https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_mmkkdgavn_abhm5tkx01ba2.js"></script>\r\n\r\n\r\n</head>\r\n\r\n<body data-bind="defineGlobals: ServerData, bodyCssClass" class="cb remove-segoe-ui-symbol" style="display: none">\r\n    <script type="text/javascript">//<![CDATA[\n!function(){var e=window,o=e.document,i=e.$Config||{};if(e.self===e.top){o&&o.body&&(o.body.style.display="block")}else if(!i.allowFrame){var s=e.self.location.href,l=s.indexOf("#"),n=-1!==l,t=s.indexOf("?"),f=n?l:s.length,d=-1===t||n&&t>l?"?":"&";s=s.substr(0,f)+d+"iframe-request-id="+i.sessionId+s.substr(f),e.top.location=s}}();\n//]]></script>\r\n    \r\n</body>\r\n</html>'
Traceback (most recent call last):
  File "/home/vagrant/.local/bin/openconnect-sso", line 8, in <module>
    sys.exit(main())
  File "/home/vagrant/.local/pipx/venvs/openconnect-sso/lib/python3.10/site-packages/openconnect_sso/cli.py", line 175, in main
    return app.run(args)
  File "/home/vagrant/.local/pipx/venvs/openconnect-sso/lib/python3.10/site-packages/openconnect_sso/app.py", line 35, in run
    auth_response, selected_profile = asyncio.get_event_loop().run_until_complete(
  File "/usr/lib/python3.10/asyncio/base_events.py", line 649, in run_until_complete
    return future.result()
  File "/home/vagrant/.local/pipx/venvs/openconnect-sso/lib/python3.10/site-packages/openconnect_sso/app.py", line 152, in _run
    auth_response = await authenticate_to(
  File "/home/vagrant/.local/pipx/venvs/openconnect-sso/lib/python3.10/site-packages/openconnect_sso/authenticator.py", line 23, in authenticate
    response = self._start_authentication()
  File "/home/vagrant/.local/pipx/venvs/openconnect-sso/lib/python3.10/site-packages/openconnect_sso/authenticator.py", line 68, in _start_authentication
    return parse_response(response)
  File "/home/vagrant/.local/pipx/venvs/openconnect-sso/lib/python3.10/site-packages/openconnect_sso/authenticator.py", line 138, in parse_response
    xml = objectify.fromstring(resp.content)
  File "src/lxml/objectify.pyx", line 2010, in lxml.objectify.fromstring
  File "src/lxml/etree.pyx", line 3257, in lxml.etree.fromstring
  File "src/lxml/parser.pxi", line 1916, in lxml.etree._parseMemoryDocument
  File "src/lxml/parser.pxi", line 1803, in lxml.etree._parseDoc
  File "src/lxml/parser.pxi", line 1144, in lxml.etree._BaseParser._parseDoc
  File "src/lxml/parser.pxi", line 618, in lxml.etree._ParserContext._handleParseResultDoc
  File "src/lxml/parser.pxi", line 728, in lxml.etree._handleParseResult
  File "src/lxml/parser.pxi", line 657, in lxml.etree._raiseParseError
  File "<string>", line 13
lxml.etree.XMLSyntaxError: Specification mandates value for attribute crossorigin, line 13, column 72

Versions:

$ openconnect-sso --version
openconnect-sso 0.8.1

$ openconnect --version
OpenConnect version v8.20-1
Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script

$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04 LTS"