Package Details: openconnect-sso 0.8.0-5

Git Clone URL: (read-only, click to copy)
Package Base: openconnect-sso
Description: Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication
Upstream URL:
Licenses: GPL3
Submitter: MrAnno
Maintainer: MrAnno
Last Packager: MrAnno
Votes: 12
Popularity: 0.67
First Submitted: 2020-02-17 16:40 (UTC)
Last Updated: 2023-08-11 11:06 (UTC)

Latest Comments

1 2 3 Next › Last »

Daklon commented on 2024-04-15 08:41 (UTC)

Hi! I'm also using this package to connect to the vpn at work. Also can confirm that removing the upper limit to the lxml made it work again for me, same change as @grkr.

I'm willing to comaintain this package @MrAnno

caddar commented on 2024-04-12 15:31 (UTC)

I'm also relying on this to connect to my universities VPN. I've tried the changes @bidskii did and also got it to work again - Thank you!

Since I rely on this, I would actually be willing to invest some time here - but to be honest, these kinds of auth workflows are always a bit scary :-)

What do you think would be required steps to get that stuff on track again?

fft commented on 2024-04-11 16:54 (UTC)

@bidskii, thank you for fork and making PKGBUILD. It works for me.

There is difference in behaviour though: previously I entered password and one-time code only one time per day, even if I disconnect VPN and connect it again. Now I must do this during every connect.

bidskii commented on 2024-04-09 23:21 (UTC)

@jal666 unfortunately no. Is there nothing else in the stack trace?

jal666 commented on 2024-04-09 16:49 (UTC) (edited on 2024-04-12 15:51 (UTC) by jal666)


I got your version built (via poetry, pipx, to $HOME/.local/bin/openconnect-sso):

$ openconnect-sso --version
openconnect-sso 0.8.1
$ openconnect-sso --server nameofserver --user=myuser@mydomain

  File "/usr/lib/python3.11/", line 236, in _b32decode
    raise binascii.Error('Non-base32 digit found') from None
binascii.Error: Non-base32 digit found

Any tips?

EDIT. Not to spam, full stack trace here:

EDIT2. I got bidskii's fork to work on a separate popOS machine and a separate arch machine. Though the issue remains on one arch box, it is not with his fork.

bidskii commented on 2024-04-08 09:58 (UTC)

I made a fork of upstream ( and made some PRs to try and fix a couple of things. I'm not particularly keen on being a maintainer though.

Outswayer commented on 2024-04-08 09:55 (UTC)

Since neither this nor upstream seem to be maintained right now, does anyone know of an alternative tool that works for this?

I don't know exactly what mechanisms it uses, but my work VPN requires me to use my 2FA in a browser to connect to our anyconnect vpn, and last i checked (probably a year ago) this was the only tool that worked.

tmrd commented on 2024-04-05 11:00 (UTC)

Looks like there is now a new separate issue with python-keyring having a major version bump to v25:

bidskii commented on 2024-03-29 05:35 (UTC)

@MrAnno are you still maintaining this?

grkr commented on 2024-03-20 15:27 (UTC)

I "fixed" the lxml version issue by patching out the upper limit.


diff -u -r openconnect-sso-0.8.0/PKG-INFO openconnect-sso-0.8.0-patched/PKG-INFO
--- openconnect-sso-0.8.0/PKG-INFO  2024-03-20 15:55:32.515937808 +0100
+++ openconnect-sso-0.8.0-patched/PKG-INFO  2024-03-20 15:55:48.942621134 +0100
@@ -26,7 +26,7 @@
 Requires-Dist: colorama (>=0.4,<0.5)
 Requires-Dist: importlib-metadata (>=3.10.0,<4.0.0); python_version < "3.8"
 Requires-Dist: keyring (>=21.1,<25.0.0)
-Requires-Dist: lxml (>=4.3,<5.0)
+Requires-Dist: lxml (>=4.3)
 Requires-Dist: prompt-toolkit (>=3.0.3,<4.0.0)
 Requires-Dist: pyxdg (>=0.26,<0.29)
 Requires-Dist: requests (>=2.22,<3.0)
diff -u -r openconnect-sso-0.8.0/ openconnect-sso-0.8.0-patched/
--- openconnect-sso-0.8.0/  2024-03-20 15:55:32.515937808 +0100
+++ openconnect-sso-0.8.0-patched/  2024-03-20 15:55:45.255950723 +0100
@@ -12,7 +12,7 @@
- 'lxml>=4.3,<5.0',
+ 'lxml>=4.3',

Seems to work fine for my use case.