Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Clientless SSL VPN
Using Single Sign-on with Clientless SSL VPN
Detailed Steps
This section presents general tasks, not a complete procedure. To configure the Cisco authentication
scheme on your SiteMinder Policy Server, perform the following steps:

Step 1 With the SiteMinder Administration utility, create a custom authentication scheme, being sure to use the
following specific arguments:
• In the Library field, enter smjavaapi.
• In the Secret field, enter the same secret configured on the ASA.
  You configure the secret on the ASA using the policy-server-secret command at the command line
  interface.
• In the Parameter field, enter CiscoAuthApi.

Step 2 Using your Cisco.com login, download the file cisco_vpn_auth.jar from
http://www.cisco.com/cisco/software/navigator.html and copy it to the default library directory for the
SiteMinder server. This .jar file is also available on the Cisco ASA CD.

Configuring SSO Authentication Using SAML Browser Post Profile
This section describes configuring the ASA to support Security Assertion Markup Language (SAML),
Version 1.1 POST profile Single Sign-On (SSO) for authorized users.
After a session is initiated, the ASA authenticates the user against a configured AAA method. Next, the
ASA (the asserting party) generates an assertion to the relying party, the consumer URL service provided
by the SAML server. If the SAML exchange succeeds, the user is allowed access to the protected
resource. Figure 1-3 shows the communication flow:
Figure 1-3 SAML Communication Flow
Prerequisites
To configure SSO with a SAML Browser Post Profile, you must perform the following tasks:
• Specify the SSO server with the sso-server command.
• Specify the URL of the SSO server for authentication requests (the assertion-consumer-url
command).
• Specify the ASA hostname as the component issuing the authentication request (the issuer
command).
• Specify the trustpoint certificates used for signing SAML Post Profile assertions (the trustpoint
command).
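
The prerequisite list above can be checked against a saved configuration. The following is an added example, not code from the Cisco guide: a small Python audit that reports SAML-type sso-server blocks missing any of the listed sub-commands. The indented block layout, the "type" keyword spelling, the alternate "trust-point" spelling, the https check, and every name and URL in the sample are assumptions or constructed values.

```python
import re
# Sub-commands the page lists as prerequisites for a SAML POST profile server.
# Assumption: "trust-point" is accepted as an alternate spelling of "trustpoint".
REQUIRED = {"assertion-consumer-url": ("assertion-consumer-url",), "issuer": ("issuer",),
            "trustpoint": ("trustpoint", "trust-point")}
SSO_HEADER = re.compile(r"^sso-server\s+(\S+)\s+type\s+(\S+)", re.I)

# Constructed sample input (assumed layout; names and URLs are placeholders).
SAMPLE_CONFIG = """\
webvpn
 sso-server idp-ok type SAML-V1.1-post
  assertion-consumer-url https://sso.example.com/acs
  issuer asa1.example.com
  trustpoint saml-signing-tp
 sso-server idp-bad type SAML-V1.1-post
  assertion-consumer-url http://sso.example.com/acs
  issuer asa1.example.com
 sso-server legacy type siteminder
  policy-server-secret ********
"""

def audit_saml_sso(config_text):
    """Return {server name: [findings]} for every SAML-type sso-server block."""
    blocks, name, base = {}, None, 0
    for raw in filter(str.strip, config_text.splitlines()):  # skip blank lines
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        header = SSO_HEADER.match(line)
        if header:  # a new sso-server block starts; track it only if SAML
            base = indent
            name = header.group(1) if "saml" in header.group(2).lower() else None
            if name:
                blocks[name] = {}
        elif name and indent > base:  # sub-command of the current block
            key, _, arg = line.partition(" ")
            blocks[name][key.lower()] = arg.strip()
        else:  # dedent: the block has ended
            name = None
    findings = {}
    for name, cmds in blocks.items():
        issues = ["missing " + label for label, spellings in REQUIRED.items()
                  if not any(cmds.get(s) for s in spellings)]
        # Added hardening check, not a requirement stated on the page.
        url = cmds.get("assertion-consumer-url", "")
        if url and not url.lower().startswith("https://"):
            issues.append("assertion-consumer-url is not https")
        findings[name] = issues
    return findings
```

Calling audit_saml_sso(SAMPLE_CONFIG) returns an empty list for idp-ok and two findings for idp-bad; the SiteMinder-type server is not audited.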
[Figure 1-3 diagram not reproduced. Labels: User Browser; User Login; Access to Applications; Security Applications; SAML SSO Assertion; Redirection to Applications Portal (with cookie); SAML Server; Protected Resource URL (Web Agent).]
