Configuring sso authentication using siteminder – Cisco ASA 5505 User Manual

Page 1601

Advertising

74-15

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using Single Sign-on with Clientless SSL VPN

Configuring SSO Authentication Using SiteMinder

This section describes configuring the ASA to support SSO with SiteMinder. You would typically
choose to implement SSO with SiteMinder if your website security infrastucture already incorporates
SiteMinder. With this method, SSO authentication is separate from AAA and happens once the AAA
process completes.

Prerequisites

•

Specifying the SSO server.

•

Specifying the URL of the SSO server to which the ASA makes SSO authentication requests.

•

Specifying a secret key to secure the communication between the ASA and the SSO server. This key
is similar to a password: you create it, save it, and enter it on both the ASA and the SiteMinder Policy
Server using the Cisco Java plug-in authentication scheme.

Optionally, you can do the following configuration tasks in addition to the required tasks:

•

Configuring the authentication request timeout.

•

Configuring the number of authentication request retries.

Restrictions

If you want to configure SSO for a user or group for clientless SSL VPN access, you must first configure
a AAA server, such as a RADIUS or LDAP server. You can then set up SSO support for clientless SSL
VPN.

Detailed Steps

This section presents specific steps for configuring the ASA to support SSO authentication with CA
SiteMinder. To configure SSO with SiteMinder, perform the following steps:

Command

Purpose

Step 1

webvpn

Switches to webvpn configuration mode.

Step 2

sso-server

with the type option

Example:

hostname(config)# webvpn

hostname(config-webvpn)# sso-server Example type

siteminder

hostname(config-webvpn-sso-siteminder)#

Creates an SSO server.

Creates an SSO server named Example of type
siteminder.

Step 3

config-webvpn-sso-siteminder

Switches to site minder configuration mode.

Step 4

web-agent-url

Example:

hostname(config-webvpn-sso-siteminder)#

web-agent-url http://www.Example.com/webvpn

hostname(config-webvpn-sso-siteminder)#

Specifies the authentication URL of the SSO server.

Sends authentication requests to the URL
http://www.Example.com/webvpn.

Advertising

This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands

Popular manuals