
Support AnyConnect single-sign-on-v2

Advertise support for auth-method single-sign-on-v2. This, combined with not sending X-AnyConnect-Platform and X-Support-HTTP-Auth, allows one to complete a web-based SSO authentication. Server replies with a response like:

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
  <opaque is-for="sg">
    <tunnel-group>standard-group</tunnel-group>
    <auth-method>single-sign-on-v2</auth-method>
    <group-alias>Anyconnect</group-alias>
    <config-hash>1584128676139</config-hash>
  </opaque>
  <auth id="main">
    <title>Login</title>
    <message>Please complete the authentication process in the AnyConnect Login window.</message>
    <banner></banner>
    <sso-v2-login>https://SERVER_NAME/+CSCOE+/saml/sp/login?tgname=standard-group&#x26;acsamlcap=v2</sso-v2-login>
    <sso-v2-login-final>https://SERVER_NAME/+CSCOE+/saml_ac_login.html</sso-v2-login-final>
    <sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>
    <sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>
    <form>
      <input type="sso" name="sso-token"></input>
      <select name="group_list" label="GROUP:">
        <option selected="true">Anyconnect</option>
      </select>
    </form>
  </auth>
</config-auth>

If either X-AnyConnect-Platform or X-Support-HTTP-Auth is present, then this response is not received, and a 302 redirect to the "standard" auth flow is given. However, this auth flow does not work on my VPN server; presumably it is administratively disabled.

Once you get the above response, you can open the URL from sso-v2-login in your browser and complete the steps. Eventually you end up at the URL from sso-v2-login-final, and then you can extract the cookie with the name in sso-v2-token-cookie-name (acSamlv2Token, in this case). openconnect prompts for that value, and once you provide it, the VPN connection is established.

Neither samlwebcookie nor openconnect-sso, mentioned in #84, worked for me.

Edited by Steven Walter
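The client-side handling of the auth-request above, as an added example that is not openconnect's code and not part of this merge request: it parses the server response, refuses anything other than single-sign-on-v2, checks that both SSO URLs point at the server the client is already talking to over HTTPS (a sanity check of my own, not something the merge request describes, so a tampered or misdirected response cannot send the browser step to another host), and then picks the token cookie (or surfaces the error cookie) from the cookies seen at the final page. The `SAMPLE_RESPONSE` is the response quoted in the merge request with `SERVER_NAME` kept as a placeholder; how the token is then submitted back in the form is left to the client, so the function only returns the form input name and value.

```python
"""Parse an AnyConnect aggregate-auth response that offers single-sign-on-v2.

Added example, not openconnect code. Extracts what a client needs to drive
the browser-based SSO step and then locate the token cookie.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the server response quoted in the merge request,
# with SERVER_NAME left as a placeholder host.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
<opaque is-for="sg">
<tunnel-group>standard-group</tunnel-group>
<auth-method>single-sign-on-v2</auth-method>
<group-alias>Anyconnect</group-alias>
<config-hash>1584128676139</config-hash>
</opaque>
<auth id="main">
<title>Login</title>
<message>Please complete the authentication process in the AnyConnect Login window.</message>
<banner></banner>
<sso-v2-login>https://SERVER_NAME/+CSCOE+/saml/sp/login?tgname=standard-group&#x26;acsamlcap=v2</sso-v2-login>
<sso-v2-login-final>https://SERVER_NAME/+CSCOE+/saml_ac_login.html</sso-v2-login-final>
<sso-v2-token-cookie-name>acSamlv2Token</sso-v2-token-cookie-name>
<sso-v2-error-cookie-name>acSamlv2Error</sso-v2-error-cookie-name>
<form>
<input type="sso" name="sso-token"></input>
<select name="group_list" label="GROUP:">
<option selected="true">Anyconnect</option>
</select>
</form>
</auth>
</config-auth>
"""


class SsoV2Error(ValueError):
    """Raised when the response cannot be used for an SSO v2 login."""


def _checked_url(url, expected_host):
    # Assumed policy (not from the merge request): the browser step must stay
    # on the VPN server we are already connected to, and must use HTTPS.
    parts = urlsplit(url or "")
    if parts.scheme != "https" or parts.hostname != expected_host.lower():
        raise SsoV2Error(f"refusing SSO URL not on https://{expected_host}: {url!r}")
    return url


def parse_sso_v2(xml_text, expected_host):
    """Return the SSO v2 fields from an auth-request, validating them first."""
    root = ET.fromstring(xml_text)
    if root.tag != "config-auth" or root.get("type") != "auth-request":
        raise SsoV2Error("not an aggregate-auth auth-request")
    method = root.findtext("opaque/auth-method")
    if method != "single-sign-on-v2":
        raise SsoV2Error(f"server offered auth-method {method!r}, not single-sign-on-v2")
    auth = root.find("auth")
    if auth is None:
        raise SsoV2Error("auth-request has no <auth> element")

    # The form must carry the sso-type input that will receive the token.
    inputs = [(i.get("type"), i.get("name")) for i in auth.iter("input")]
    if ("sso", "sso-token") not in inputs:
        raise SsoV2Error("form has no sso-token input")
    token_input = "sso-token"

    # Pre-selected group from the group_list select, if any.
    group = None
    for opt in auth.iter("option"):
        if opt.get("selected") == "true":
            group = (opt.text or "").strip()

    return {
        "tunnel_group": root.findtext("opaque/tunnel-group"),
        "auth_method": method,
        "message": auth.findtext("message"),
        "login_url": _checked_url(auth.findtext("sso-v2-login"), expected_host),
        "final_url": _checked_url(auth.findtext("sso-v2-login-final"), expected_host),
        "token_cookie": auth.findtext("sso-v2-token-cookie-name"),
        "error_cookie": auth.findtext("sso-v2-error-cookie-name"),
        "token_input": token_input,
        "group": group,
    }


def select_token_cookie(fields, cookies):
    """Given cookies seen at the final URL, return (input_name, token) or None.

    An error cookie wins over a token cookie: the server is reporting a
    failed SSO, so the client should not try to log in with stale data.
    """
    if fields["error_cookie"] in cookies:
        raise SsoV2Error(f"SSO failed: {cookies[fields['error_cookie']]!r}")
    token = cookies.get(fields["token_cookie"])
    if token is None:
        return None  # final page not reached yet, keep waiting
    return (fields["token_input"], token)


if __name__ == "__main__":
    f = parse_sso_v2(SAMPLE_RESPONSE, "SERVER_NAME")
    print("open in browser:", f["login_url"])
    print("wait for:", f["final_url"], "and cookie", f["token_cookie"])
```

The `cookies` argument is whatever the client collects from the browser session at `sso-v2-login-final` (a plain name-to-value mapping here); returning `None` until the token cookie appears lets a caller poll without treating an intermediate page as a failure.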
