508003 – plasma-nm MFA connection to Cisco AnyConnect server only works for the first time if gateway url contains path after "/"

Bug 508003 - plasma-nm MFA connection to Cisco AnyConnect server only works for the first time if gateway url contains path after "/"

Summary: plasma-nm MFA connection to Cisco AnyConnect server only works for the first ...

Status:	REPORTED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Networking in general (other bugs)
Version First Reported In:	6.4.3
Platform:	Arch Linux Linux

Importance:	NOR normal
Target Milestone:	1.0
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-08-08 02:37 UTC by bsrdev
Modified:	2025-08-24 22:18 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Connection settings (149.62 KB, image/png) 2025-08-13 04:57 UTC, bsrdev	Details
MFA prompt (42.12 KB, image/png) 2025-08-13 04:58 UTC, bsrdev	Details
Regular prompt (35.83 KB, image/png) 2025-08-13 04:59 UTC, bsrdev	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description bsrdev 2025-08-08 02:37:34 UTC

My organization uses Cisco AnyConnect gateway url like "anycon.mysite.org/multi", which uses a window with multifactor authentication. Plasma-nm works with it after configuring for the first time. Hovewer, attempting to connect again after disconnecting seemingly uses url before "/", because it still connects to the gateway, but prompts for regular login/password pair without MFA.
Changing some setting in connection editor back and forth (e.g. Reported OS) resets it and it works again, for one more time.

Comment 1 TraceyC 2025-08-11 20:57:26 UTC

Thanks for filing this bug report. Unfortunately there isn't enough information for us to try to figure out what's happening. Please add information about your system as requested in the bug report template. Copy and paste this with the information into a new comment.

SUMMARY


STEPS TO REPRODUCE
1. 
2. 
3. 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
(available in the Info Center app, or by running `kinfo` in a terminal window)
Linux/KDE Plasma: 
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION


Thanks for your understanding

Comment 2 bsrdev 2025-08-13 04:57:33 UTC

Created attachment 184024 [details]
Connection settings

Comment 3 bsrdev 2025-08-13 04:57:58 UTC

SUMMARY
plasma-nm seemingly connects to wrong AnyConnect gateway url after the first time.

STEPS TO REPRODUCE
1. Set up plasma-nm openconnect with Cisco AnyConnect MFA url containing path after "/", e.g. "anycon.mysite.org/multi".
2. Connect for the first time, see MFA prompt, pass it and connect successfully.
3. Disconnect from the network/restart PC.
4. Try to connect to the same network again.

OBSERVED RESULT
Regular login/password pair prompt appears, not MFA.

EXPECTED RESULT
MFA prompt appears.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Arch Linux kernel 6.16.0-rc2-1 (same with mainstream)
KDE Plasma Version: 6.4.4
KDE Frameworks Version: 6.17.0
Qt Version: 6.9.1

ADDITIONAL INFORMATION
Configuring no MFA url without "/multi", e.g. "anycon.mysite.org", yields same prompt as connecting for the second time to MFA url. Not allowed for external connections in my organization, so won't succeed.
Attached screenshots.

Comment 4 bsrdev 2025-08-13 04:58:36 UTC

Created attachment 184025 [details]
MFA prompt

Comment 5 bsrdev 2025-08-13 04:59:00 UTC

Created attachment 184026 [details]
Regular prompt