vlaci/openconnect-sso

'[error ] Could not finish authentication. Invalid response type in current state' after 2FA complete without issue.

diegoxcn opened this issue · 6 comments

Hi Team,

I'm running openconnect-sso on Raspberry Pi 4B+ with Rasp OS 64-bit.

I've encountered weird problem, my openconnect-sso could successfully load login page, and even complete 2FA by authenticator successfully, but then it will  get this error and terminate:
[error    ] Could not finish authentication. Invalid response type in current state
I did test on my ubuntu virtual machine, and got the same error, it could possibly be the server end configure difference, but I'm new to openconnect-sso, may need your expertise to troubleshoot this problem.

Would it possibly be any configure issue from my side? How could I improve the situation?

I would love to provide as much as information for troubleshooting.

Here's the full debug message:
raspi:~ $ openconnect-sso -s "vpn.mycompany.com/VPN" --authgroup ssl -u user@mycompany.com -l debug    1 (24.618s)
Using selector: EpollSelector
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading libsecret
Loading macOS
[info     ] Cannot retrieve saved password from keyring. [openconnect_sso.config]
Password (user@mycompany.com):
[info     ] Cannot save password to keyring. [openconnect_sso.config]
[info     ] Authenticating to VPN endpoint [openconnect_sso.app] address=vpn.mycompany.com/VPN name=ssl
Starting new HTTPS connection (1): vpn.mycompany.com:443
https://vpn.mycompany.com:443 "GET /ANY_VPN HTTP/1.1" 200 98
[debug    ] Auth target url                [openconnect_sso.authenticator] url=https://vpn.mycompany.com/VPN
[debug    ] Sending auth init request      [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="init" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <group-select>ssl</group-select>\n  <group-access>https://vpn.mycompany.com/VPN</group-access>\n  <capabilities>\n    <auth-method>single-sign-on-v2</auth-method>\n  </capabilities>\n</config-auth>\n'
Starting new HTTPS connection (1): vpn.mycompany.com:443
https://vpn.mycompany.com:443 "POST /ANY_VPN HTTP/1.1" 200 None
[debug    ] Auth init response received    [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>ANY_VPN_test</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<config-hash>1670847137524</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please complete the authentication process in the AnyConnect Login window.</message>\n<banner></banner>\n<sso-v2-login>https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=ANY_VPN_test&#x26;acsamlcap=v2</sso-v2-login>\n<sso-v2-login-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-login-final>\n<sso-v2-logout>https://vpn.mycompany.com/+CSCOE+/saml/sp/logout</sso-v2-logout>\n<sso-v2-logout-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-logout-final>\n<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>\n<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>\n<form>\n<input type="sso" name="sso-token"></input>\n</form>\n</auth>\n</config-auth>\n'
[info     ] Response received              [openconnect_sso.authenticator] id=main message=Please complete the authentication process in the AnyConnect Login window. title=Login
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[info     ] Browser started                [webengine] startup_info=StartupInfo(url='https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=ANY_VPN_test&acsamlcap=v2', credentials=Credentials(username='user@mycompany.com'))
[info     ] Loading page                   [webengine] url=https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&acsamlcap=v2
[info     ] Initiating autologin           [webengine] cred=Credentials(username='user@mycompany.com')
[info     ] Cannot retrieve saved password from keyring. [openconnect_sso.config]
[debug    ] Cookie set                     [webengine] name=fpc
[debug    ] Cookie set                     [webengine] name=CCState
[debug    ] Cookie set                     [webengine] name=ESTSAUTHPERSISTENT
[debug    ] Cookie set                     [webengine] name=brcap
[debug    ] Cookie set                     [webengine] name=ch
[debug    ] Cookie set                     [webengine] name=wlidperf
[debug    ] Cookie set                     [webengine] name=buid
[debug    ] Cookie set                     [webengine] name=clrc
[debug    ] Cookie set                     [webengine] name=fpc
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fpc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='CCState', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTHPERSISTENT', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='brcap', value='0')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ch', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='wlidperf', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='buid', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='clrc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fpc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Cookie set                     [webengine] name=webvpnLang
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Cookie set                     [webengine] name=CSRFtoken
[debug    ] Cookie set                     [webengine] name=acsamlcap
[debug    ] Cookie set                     [webengine] name=tg
[debug    ] Cookie set                     [webengine] name=acSamlv2Error
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnLang', value='en')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='CSRFtoken', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acsamlcap', value='v2')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='tg', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Error', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Cookie set                     [webengine] name=ESTSAUTHPERSISTENT
[debug    ] Cookie set                     [webengine] name=ESTSAUTH
[debug    ] Cookie set                     [webengine] name=ESTSAUTHLIGHT
[debug    ] Cookie set                     [webengine] name=ch
[debug    ] Cookie set                     [webengine] name=ESTSSC
[debug    ] Cookie set                     [webengine] name=buid
[debug    ] Cookie set                     [webengine] name=CCState
[debug    ] Cookie set                     [webengine] name=SignInStateCookie
[debug    ] Cookie set                     [webengine] name=fpc
[debug    ] Cookie set                     [webengine] name=esctx
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTHPERSISTENT', value='key_value')
[debug    ] Cookie set                     [webengine] name=x-ms-gateway-slice
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Cookie set                     [webengine] name=stsservicecookie
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTH', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSAUTHLIGHT', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ch', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='ESTSSC', value='00')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='buid', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='CCState', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='SignInStateCookie', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='fpc', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='esctx', value='key_value_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='x-ms-gateway-slice', value='estsfd')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='stsservicecookie', value='estsfd')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Page loaded                    [webengine] url=url_omit
js: A cookie associated with a cross-site resource at https://vpn.mycompany.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='url_omit')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=url_omit
[debug    ] Page loaded                    [webengine] url=https://vpn.mycompany.com/+CSCOE+/saml/sp/acs?tgname=VPN_test
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.mycompany.com/+CSCOE+/saml/sp/acs?tgname=VPN_test')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.mycompany.com/+CSCOE+/saml/sp/acs?tgname=VPN_test
[debug    ] Cookie set                     [webengine] name=webvpnlogin
[debug    ] Cookie set                     [webengine] name=acSamlv2Error
[debug    ] Page loaded                    [webengine] url=https://vpn.mycompany.com/+webvpn+/index.html
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='webvpnlogin', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Error', value='1')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.mycompany.com/+webvpn+/index.html')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.mycompany.com/+webvpn+/index.html
[debug    ] Cookie set                     [webengine] name=acsamlcap
[debug    ] Cookie set                     [webengine] name=acSamlv2Token
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acsamlcap', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=SetCookie(name='acSamlv2Token', value='')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Page loaded                    [webengine] url=https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html
[debug    ] Message received from browser  [openconnect_sso.browser.browser] message=Url(url='https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html')
[debug    ] Waiting for message from browser process [openconnect_sso.browser.browser]
[debug    ] Browser loaded page            [openconnect_sso.saml_authenticator] url=https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html
[info     ] Terminate requested.           [webengine]
[info     ] Exiting browser                [webengine]
[info     ] Browser exited                 [openconnect_sso.browser.browser]
[debug    ] Sending auth finish request    [openconnect_sso.authenticator] content=b'<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<config-auth client="vpn" type="auth-reply" aggregate-auth-version="2">\n  <version who="vpn">4.7.00136</version>\n  <device-id>linux-64</device-id>\n  <session-token/>\n  <session-id/>\n  <opaque is-for="sg">\n    <tunnel-group>ANY_VPN_test</tunnel-group>\n    <auth-method>single-sign-on-v2</auth-method>\n    <config-hash>1670847137524</config-hash>\n  </opaque>\n  <auth>\n    <sso-token></sso-token>\n  </auth>\n</config-auth>\n'
https://vpn.mycompany.com:443 "POST /VPN HTTP/1.1" 200 None
[debug    ] Auth finish response received  [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>ANY_VPN_test</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<config-hash>1670847137524</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please complete the authentication process in the AnyConnect Login window.</message>\n<banner></banner>\n<error id="1">Unknown error.</error>\n<sso-v2-login>https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&#x26;acsamlcap=v2</sso-v2-login>\n<sso-v2-login-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-login-final>\n<sso-v2-logout>https://vpn.mycompany.com/+CSCOE+/saml/sp/logout</sso-v2-logout>\n<sso-v2-logout-final>https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html</sso-v2-logout-final>\n<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>\n<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>\n<form>\n<input type="sso" name="sso-token"></input>\n</form>\n</auth>\n</config-auth>\n'
[info     ] Response received              [openconnect_sso.authenticator] id=main message=Please complete the authentication process in the AnyConnect Login window. title=Login
[error    ] Could not finish authentication. Invalid response type in current state [openconnect_sso.authenticator] response=AuthRequestResponse(auth_id='main', auth_title='Login', auth_message='Please complete the authentication process in the AnyConnect Login window.', auth_error='Unknown error.', login_url='https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&acsamlcap=v2', login_final_url='https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html', token_cookie_name='acSamlv2Token', opaque=<Element opaque at 0x7f2cc2e7b9c0>)
Traceback (most recent call last):
  File "/home/xcn/.local/bin/openconnect-sso", line 8, in <module>
    sys.exit(main())
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/cli.py", line 169, in main
    return app.run(args)
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/app.py", line 34, in run
    auth_response, selected_profile = asyncio.get_event_loop().run_until_complete(
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/app.py", line 139, in _run
    auth_response = await authenticate_to(
  File "/home/xcn/.local/lib/python3.8/site-packages/openconnect_sso/authenticator.py", line 50, in authenticate
    raise AuthenticationError(response)
openconnect_sso.authenticator.AuthenticationError: AuthRequestResponse(auth_id='main', auth_title='Login', auth_message='Please complete the authentication process in the AnyConnect Login window.', auth_error='Unknown error.', login_url='https://vpn.mycompany.com/+CSCOE+/saml/sp/login?tgname=VPN_test&acsamlcap=v2', login_final_url='https://vpn.mycompany.com/+CSCOE+/saml_ac_login.html', token_cookie_name='acSamlv2Token', opaque=<Element opaque at 0x7f2cc2e7b9c0>)
Rasp Pi config:
raspi:~ $ env
SHELL=/bin/bash
NO_AT_BRIDGE=1
PWD=/home/pi
LOGNAME=pi
XDG_SESSION_TYPE=tty
MOTD_SHOWN=pam
HOME=/home/pi
LANG=en_GB.UTF-8
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
SSH_CONNECTION=172.16.10.234 7770 172.16.10.12 22
XDG_SESSION_CLASS=user
TERM=xterm-256color
USER=pi
SHLVL=1
XDG_SESSION_ID=7
XDG_RUNTIME_DIR=/run/user/1000
SSH_CLIENT=172.16.10.234 7770 22
PATH=/home/pi/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
SSH_TTY=/dev/pts/2
TEXTDOMAIN=Linux-PAM
_=/usr/bin/env

raspi:~ $ openconnect-sso --version
openconnect-sso 0.7.3

raspi:~ $ python3 --version
Python 3.9.2
If there's any more information would help, please kindly let me know, I'm more than happy to get it.

Much appreciated.

Cheers.

Recently, I started hitting this issue too

This problem occurs for me as well.
ASA was upgraded from 9.12.4 to 9.18.3.

JeeMo commented

I am experiencing this issue on Ubuntu 22.04 as well.

Aaand same issue with 0.8.0. Microsoft Azure-backed 2FA, if that matters.

dlm21 commented

"me too", on arch linux from aur, also using MS authenticator for 2FA. Might be related to having already authenticated with the authenticator in the past 24 hours, so it bypasses the expected 2FA page and would perhaps be fine if it didn't give up and exit ?

$ openconnect-sso --version
openconnect-sso 0.8.0

Edit: Note that it works fine if not passing the --user arg for auto form-fill
Edit - 2: removed due to red-herring
Edit - 3: It appears there is an CSRF check that is triggering when trying to auto-submit the form. I commented out the following lines from browser/webengine_process.py so that at least the credentials get autofilled from my wallet, I just have to click the submit button for it.

#        elif rule.action == "click":
#            statements.append(
#                f"""var elem = document.querySelector({selector}); if (elem) {{ elem.dispatchEvent(new Event("focus")); elem.click(); }}"""
#           )

removing that handler from get_selectors was enough of a workaround for me.

removing that handler from get_selectors was enough of a workaround for me.

Can confirm. Works for me as well. Thank you for debugging and documenting your findings, @dlm21 !