Open connect is missing two critical features required in order to substitue for Cisco AnyConnect.
Openconnect is missing support for the –authgroup parameter to be passed so it knows what authentication profile to use. The current implementation is just shoving the username/password at openconnect causing the connection be be rejected because it don’t know what authentication group to use. Ideally the openconnect client should have a dropdown allowing the user to select which profile they need, but at a minimum there should be an inputbox on the session config screen for an admin to specify the group name, or even full command line parameters.
The username/password dialog is also missing the “Secondary Password” field. This is used for multi-factor and OTP authentication (Google Auth, DUO, etc) and is critical in high security/regulated environments (financial sector, etc). The Cisco Anyconnect client is smart enough to know by the Auth Group chosen if it needs to show/hide the secondary password field.)