37-9
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 37 Configuring WebVPN
Getting Started with WebVPN
• Refer to the CA SiteMinder documentation for the complete procedure for adding a custom
authentication scheme.
To configure the Cisco authentication scheme on your SiteMinder Policy Server, perform the
following tasks:
Step 1 With the SiteMinder Administration utility, create a custom authentication scheme, using the
following specific arguments:
• In the Library field, enter smjavaapi.
• In the Secret field, enter the same secret configured on the security appliance.
You configure this secret on the security appliance either with the policy-server-secret command at the
command-line interface or in the Secret Key field of the Add SSO Server dialog in ASDM. The two
values must match exactly.
• In the Parameter field, enter CiscoAuthAPI.
Step 2 Copy the file cisco_vpn_auth.jar from the CD to the default library directory for the SiteMinder server.
Configuring SSO with the HTTP Form Protocol
This section describes using the HTTP Form protocol for SSO. HTTP Form protocol is a common
approach to SSO authentication that can also qualify as an AAA method. It provides a method for
exchanging authentication information between WebVPN users and authenticating web servers. As a
common protocol, it is highly compatible with web servers and web-based SSO products, and you can
use it in conjunction with other AAA servers such as RADIUS or LDAP servers.
Note To configure SSO with the HTTP Form protocol correctly, you must have a thorough working knowledge of
authentication and HTTP protocol exchanges.
The security appliance again serves as a proxy for WebVPN users to an authenticating web server but,
in this case, it uses HTTP Form protocol and the POST method for requests. You must configure the
security appliance to send and receive form data. Figure 37-1 illustrates the following SSO
authentication steps:
1. A WebVPN user first enters a username and password to log into the WebVPN server on the security
appliance.
2. The WebVPN server acts as a proxy for the user and forwards the form data (username and
password) to an authenticating web server using a POST authentication request.
3. If the authenticating web server approves the user data, it returns an authentication cookie to the
WebVPN server, which stores it on behalf of the user.
4. The WebVPN server establishes a tunnel to the user.
5. The user can now access other websites within the protected SSO environment without reentering a
username and password.
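The five-step exchange above, simulated end to end as an added example (this is not code from the Cisco guide or the security appliance; it is a stand-alone model of the protocol roles). The form action URI, the field names username and password, the hidden fields, the mock authenticating web server with its user table, and the cookie name SMSESSION are all constructed assumptions, not values the guide specifies. The point it adds to the text is the one a practitioner has to get right: the appliance, not the browser, holds the returned cookie, so the appliance must replay it only to hosts inside the cookie's domain.

```python
"""HTTP Form SSO exchange, simulated end to end (constructed example)."""
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed stand-ins for the security appliance's HTTP Form settings:
# the form's action URI, the field names the authenticating web server
# expects, fixed hidden fields, and the name of the cookie it sets.
ACTION_URI = "https://auth.example.com/login"
USERNAME_PARAM = "username"
PASSWORD_PARAM = "password"
HIDDEN_PARAMS = {"auth": "true", "target": "/portal"}
AUTH_COOKIE_NAME = "SMSESSION"      # assumed cookie name, not from the guide

# Constructed user database and session table for the mock web server.
_USERS = {"alice": "correct-horse", "bob": "battery-staple"}
_SESSIONS = {}


def build_login_post(username, password):
    """Step 2: build the POST the WebVPN server sends on the user's behalf."""
    fields = dict(HIDDEN_PARAMS)
    fields[USERNAME_PARAM] = username
    fields[PASSWORD_PARAM] = password
    body = urlencode(fields)
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Content-Length": str(len(body))}
    return {"method": "POST", "uri": ACTION_URI, "headers": headers, "body": body}


def mock_auth_server(request):
    """The authenticating web server: checks the form, issues the cookie."""
    if request["method"] != "POST" or request["uri"] != ACTION_URI:
        return {"status": 404, "headers": {}}
    form = parse_qs(request["body"])
    if form.get("auth", [""])[0] != "true":        # hidden field must arrive intact
        return {"status": 400, "headers": {}}
    user = form.get(USERNAME_PARAM, [""])[0]
    pwd = form.get(PASSWORD_PARAM, [""])[0]
    expected = _USERS.get(user)
    if expected is None or not secrets.compare_digest(expected.encode(), pwd.encode()):
        return {"status": 401, "headers": {}}
    token = secrets.token_urlsafe(24)
    _SESSIONS[token] = user
    cookie = f"{AUTH_COOKIE_NAME}={token}; Domain=.example.com; Path=/; Secure; HttpOnly"
    return {"status": 302, "headers": {"Set-Cookie": cookie, "Location": "/portal"}}


def parse_auth_cookie(response):
    """Step 3: pull the named auth cookie and its scope out of Set-Cookie."""
    raw = response["headers"].get("Set-Cookie")
    if raw is None:
        return None
    jar = SimpleCookie()
    jar.load(raw)
    morsel = jar.get(AUTH_COOKIE_NAME)
    if morsel is None:
        return None
    return {"value": morsel.value, "domain": morsel["domain"], "path": morsel["path"]}


class WebVPNProxy:
    """The security appliance's role: log in for the user, hold the cookie,
    and replay it only to hosts inside the cookie's domain."""

    def __init__(self, send):
        self._send = send        # delivers a request to the auth server
        self._cookies = {}       # username -> stored auth cookie

    def login(self, username, password):
        """Steps 1-4: forward the credentials and keep the returned cookie."""
        response = self._send(build_login_post(username, password))
        cookie = parse_auth_cookie(response)
        if response["status"] not in (200, 302) or cookie is None:
            return False
        self._cookies[username] = cookie
        return True

    def request(self, username, url):
        """Step 5: a later request inside the SSO environment; the stored
        cookie is attached only when the target host is within its domain."""
        cookie = self._cookies.get(username)
        if cookie is None:
            raise PermissionError("no SSO session for this user")
        host = (urlsplit(url).hostname or "").lower()
        domain = cookie["domain"].lower()
        headers = {}
        if host == domain.lstrip(".") or host.endswith(domain):
            headers["Cookie"] = f"{AUTH_COOKIE_NAME}={cookie['value']}"
        return {"method": "GET", "uri": url, "headers": headers}


if __name__ == "__main__":
    proxy = WebVPNProxy(mock_auth_server)
    print("login:", proxy.login("alice", "correct-horse"))
    print(proxy.request("alice", "https://intranet.example.com/app")["headers"])
    print(proxy.request("alice", "https://attacker.test/")["headers"])
```

Two details carry over to a real deployment. The POST in step 2 carries the user's password in its body, so the connection from the appliance to the authenticating web server needs its own protection (an HTTPS action URI) or the credential is exposed on that hop. And the domain check in request() is what keeps a cookie issued for one SSO environment from being offered to an unrelated host; a proxy that attaches the stored cookie to every request it forwards turns SSO into a cookie-leak.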