Cisco ASA 5505 User Manual

Page 1602

74-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using Single Sign-on with Clientless SSL VPN

Adding the Cisco Authentication Scheme to SiteMinder

In addition to configuring the ASA for SSO with SiteMinder, you must also configure your CA
SiteMinder Policy Server with the Cisco authentication scheme, a Java plug-in you download from the
Cisco web site.

Prerequisites

Configuring the SiteMinder Policy Server requires experience with SiteMinder.

Step 5

Command: policy-server-secret

Example:
hostname(config-webvpn-sso-siteminder)# policy-server-secret AtaL8rD8!
hostname(config-webvpn-sso-siteminder)#

Purpose: Specifies a secret key to secure the authentication communication between the ASA and SiteMinder.

Creates a secret key AtaL8rD8!. You can create a key of any length using any regular or shifted alphanumeric character, but you must enter the same key on both the ASA and the SSO server.

Step 6

Command: request-timeout

Example:
hostname(config-webvpn-sso-siteminder)# request-timeout 8
hostname(config-webvpn-sso-siteminder)#

Purpose: Configures the number of seconds before a failed SSO authentication attempt times out. The default number of seconds is 5, and the possible range is 1 to 30.

Changes the number of seconds before a request times out to 8.

Step 7

Command: max-retry-attempts

Example:
hostname(config-webvpn-sso-siteminder)# max-retry-attempts 4
hostname(config-webvpn-sso-siteminder)#

Purpose: Configures the number of times the ASA retries a failed SSO authentication attempt before the authentication times out. The default is 3 retry attempts, and the possible range is 1 to 5 attempts.

Configures the number of retries to 4.

Step 8

Command: username-webvpn
Purpose: If specifying authentication for a user.

Command: group-policy-webvpn
Purpose: If specifying authentication for a group.

Step 9

Command: sso-server value

Example:
hostname(config)# username Anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# sso-server value Example
hostname(config-username-webvpn)#

Purpose: Specifies the SSO authentication for either a group or a user.

Assigns the SSO server named Example to the user named Anyuser.

Step 10

Command: test sso-server

Example:
hostname# test sso-server Example username Anyuser
INFO: Attempting authentication request to sso-server Example for user Anyuser
INFO: STATUS: Success
hostname#

Purpose: Tests the SSO server configuration.

Tests the SSO server named Example using the username Anyuser.
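An added example, not part of the Cisco guide: a Python check to run over a staged command file before it is pushed to the ASA. It enforces the ranges from Steps 6 and 7, rejects the sample key printed in Step 5, and confirms that every sso-server value assignment from Step 9 names a defined server. The sso-server ... type siteminder line is the ASA command that opens the config-webvpn-sso-siteminder mode and is not shown on this page; the function name audit_sso and the staged input are constructed for illustration.

```python
import re

# Documented range and default for each setting (Steps 6 and 7 on this page).
LIMITS = {"request-timeout": (1, 30, 5), "max-retry-attempts": (1, 5, 3)}
DOC_SECRET = "AtaL8rD8!"  # sample key printed in Step 5; public, so unusable as a real key

def audit_sso(commands):
    """Parse staged ASA commands; return (servers, findings)."""
    servers, assigned, findings, current = {}, [], [], None
    for line in (l.strip() for l in commands.splitlines()):
        if m := re.fullmatch(r"sso-server value (\S+)", line):
            assigned.append(m.group(1))            # Step 9: user/group assignment
        elif m := re.fullmatch(r"sso-server (\S+) type siteminder", line):
            current = m.group(1)                   # opens the server's sub-mode
            servers[current] = {k: v[2] for k, v in LIMITS.items()} | {"secret": None}
        elif current and (m := re.fullmatch(r"policy-server-secret (\S+)", line)):
            servers[current]["secret"] = m.group(1)
        elif current and (m := re.fullmatch(r"(request-timeout|max-retry-attempts) (-?\d+)", line)):
            key, val = m.group(1), int(m.group(2))
            lo, hi, _ = LIMITS[key]
            if lo <= val <= hi:
                servers[current][key] = val
            else:                                  # the default stays in effect
                findings.append(f"{current}: {key} {val} outside {lo}-{hi}")
    for name, cfg in servers.items():
        if cfg["secret"] is None:
            findings.append(f"{name}: no policy-server-secret set")
        elif cfg["secret"] == DOC_SECRET:
            findings.append(f"{name}: policy-server-secret is the documentation sample")
    for name in assigned:
        if name not in servers:                    # typo or missing definition
            findings.append(f"sso-server value {name}: server not defined")
    return servers, findings

# Constructed input: a staged change file, not output from a real device.
STAGED = """\
webvpn
 sso-server Example type siteminder
  policy-server-secret AtaL8rD8!
  request-timeout 45
  max-retry-attempts 4
username Anyuser attributes
 webvpn
  sso-server value Exmaple
"""

if __name__ == "__main__":
    for finding in audit_sso(STAGED)[1]:
        print(finding)
```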
