Unable to connect to VPN that require CSD

[Mucka]

I am trying to connect to the VPN that require CSD, although whole process goes perfect (with --no-sandbox chromium engine flag), in the end VPN refuses to connect because CSD fails. How should I enable CSD in openconnect?

$ openconnect-sso --server vpn.xx.com --user "[email protected]" --authgroup "xxx-xxx" -l DEBUG -- --csd-wrapper=csd-post.sh --protocol=anyconnect
...
[debug    ] Auth finish response received  [openconnect_sso.authenticator] content=b'<?xml version="1.0" encoding="UTF-8"?>\n<config-auth client="vpn" type="auth-request" aggregate-auth-version="2">\n<opaque is-for="sg">\n<tunnel-group>xxx-ssl-vpn-grp</tunnel-group>\n<auth-method>single-sign-on-v2</auth-method>\n<group-alias>xxx-xxx</group-alias>\n<config-hash>XXXXXXXXX</config-hash>\n</opaque>\n<auth id="main">\n<title>Login</title>\n<message>Please enter your username and password.</message>\n<banner></banner>\n<error id="13" param1="" param2="">Unable to complete connection: Cisco Secure Desktop not installed on the client</error>\n<form>\n<select name="group_list" label="GROUP:">\n<option selected="true">xxx-xxx</option>\n</select>\n</form>\n</auth>\n<host-scan>\n<host-scan-ticket>XXXXXXXXXXXXXXXXX</host-scan-ticket>\n<host-scan-token>XXXXXXXXXXXXXXXXXXXXXXX</host-scan-token>\n<host-scan-base-uri>/CACHE</host-scan-base-uri>\n<host-scan-wait-uri>/+CSCOE+/sdesktop/wait.html</host-scan-wait-uri>\n</host-scan>\n</config-auth>\n'
[error    ] Required attributes not found in response ("no such child: sso-v2-login", does this endpoint do SSO?), exiting [openconnect_sso.app]