Gathering http form data – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using Single Sign-on with Clientless SSL VPN

Gathering HTTP Form Data

This section presents the steps for discovering and gathering necessary HTTP Form data. If you do not
know what parameters the authenticating web server requires, you can gather parameter data by
analyzing an authentication exchange using the following steps:

Prerequisites

These steps require a browser and an HTTP header analyzer.

Step 11

Command:

hidden-parameter

Example:

SMENC=ISO-8859-1&SMLOCALE=US-EN&target=https%3A%2F%2Fwww.example.com%2Femco%2Fappdir%2FAreaRoot.do%3FEMCOPageCode%3DENG&smauthreason=0

To specify this hidden parameter, enter the following commands:

hostname(config)# aaa-server testgrp1 host example.com
hostname(config-aaa-server-host)# hidden-parameter SMENC=ISO-8859-1&SMLOCALE=US-EN&targe
hostname(config-aaa-server-host)# hidden-parameter t=https%3A%2F%2Fwww.example.com%2Femc
hostname(config-aaa-server-host)# hidden-parameter o%2Fappdir%2FAreaRoot.do%3FEMCOPageCo
hostname(config-aaa-server-host)# hidden-parameter de%3DENG&smauthreason=0
hostname(config-aaa-server-host)#

Purpose:

Specifies hidden parameters for exchange with the authenticating web server.

The example shows a hidden parameter excerpted from a POST request. This hidden parameter includes four form entries and their values, separated by &. The four entries and their values are:

SMENC with a value of ISO-8859-1.

SMLOCALE with a value of US-EN.

target with a value of https%3A%2F%2Fwww.example.com%2Femco%2Fappdir%2FAreaRoot.do%3FEMCOPageCode%3DENG.

smauthreason with a value of 0.

Step 12 (Optional)

Command:

auth-cookie-name

Example:

hostname(config-aaa-server-host)# auth-cookie-name SsoAuthCookie
hostname(config-aaa-server-host)#

Purpose:

Specifies the name for the authentication cookie.

The example specifies the authentication cookie name of SsoAuthCookie.

Step 13

Command:

tunnel-group general-attributes

Purpose:

Switches to tunnel-group general-attributes mode.

Step 14

Command:

authentication-server-group

Example:

hostname(config)# tunnel-group testgroup general-attributes
hostname(config-tunnel-general)# authentication-server-group testgrp1

Purpose:

Configures a tunnel-group to use the SSO server configured in the previous steps.

The example configures the tunnel-group named testgroup to use the SSO server(s) named testgrp1.
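The splitting shown in Step 11, as an added Python example that is not part of the Cisco guide: it lists the form entries in a captured POST excerpt, gives a decoded view for review, and cuts the still-encoded string into successive hidden-parameter commands. The function names are hypothetical, and the 37-character width is an assumption taken from the length of the pieces in the page's example, not a documented ASA limit.

```python
from urllib.parse import unquote

# Hidden-parameter string from the page's Step 11 example (excerpt of a POST body).
POST_EXCERPT = (
    "SMENC=ISO-8859-1&SMLOCALE=US-EN&target=https%3A%2F%2Fwww.example.com"
    "%2Femco%2Fappdir%2FAreaRoot.do%3FEMCOPageCode%3DENG&smauthreason=0"
)

# Assumption: 37 is the piece length seen in the page's example, not a documented limit.
CHUNK = 37


def form_entries(body):
    """Split on '&' and on the first '=' only; values stay URL-encoded, as sent."""
    entries = []
    for field in body.split("&"):
        name, sep, value = field.partition("=")
        if not name or not sep:
            raise ValueError(f"malformed form entry: {field!r}")
        entries.append((name, value))
    return entries


def review(body):
    """Decoded view for human review only (e.g. confirm where 'target' points).
    The decoded values are never what gets entered on the CLI."""
    return {name: unquote(value) for name, value in form_entries(body)}


def hidden_parameter_commands(body, width=CHUNK):
    """Cut the encoded string into fixed-width pieces, one command per piece."""
    if any(c.isspace() for c in body):
        raise ValueError("whitespace in form data; re-copy the POST body")
    form_entries(body)  # reject malformed input before emitting any command
    pieces = [body[i:i + width] for i in range(0, len(body), width)]
    # The pieces, joined in order, must reproduce the captured string exactly.
    if "".join(pieces) != body:
        raise RuntimeError("pieces do not rejoin to the original string")
    return [f"hidden-parameter {piece}" for piece in pieces]


if __name__ == "__main__":
    for name, value in review(POST_EXCERPT).items():
        print(f"{name:14}{value}")
    print("\n".join(hidden_parameter_commands(POST_EXCERPT)))
```

A piece boundary may fall inside a name or an encoded value, as it does in the page's example, because only the joined string matters.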
