Comment 5 for bug 1968790

Jason Gunthorpe (jgunthorpe) wrote :

I don't think this is an openconnect issue? Or are you handling network manager issues there too? I see the Ubuntu patch was merged upstream since this was opened?

"External browser" would be nice, but IT says we can't turn it on, needs some upgrade, and Cisco says not to use it:

 The saml external-browser command is for migration purposes for those upgrading to AnyConnect 4.6
 or later. Because of security limitations, use this solution only as part of a temporary migration
 while upgrading AnyConnect software. The command itself will be depreciated in the future.

Since the latest AnyConnect client on Windows got the integrated browser upgraded to Edge and now supports all security key flows, I'm not optimistic our deployment will ever enable it.

So what we really want to see is something like network-manager-openconnect that can support WebAuthn, with CTAP2 support, but that seems alarmingly hard :(