Cisco ASA 5505 User Manual

74-21

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using Single Sign-on with Clientless SSL VPN

Figure 74-4 SSO Authentication Using HTTP Forms

While you would expect to configure form parameters that let the ASA include POST data such as the
username and password, you initially might not be aware of additional hidden parameters that the web
server requires. Some authentication applications expect hidden data which is neither visible to nor
entered by the user. You can, however, discover hidden parameters the authenticating web server expects
by making a direct authentication request to the web server from your browser without the ASA in the
middle acting as a proxy. Analyzing the web server response using an HTTP header analyzer reveals
hidden parameters in a format similar to the following:

<param name>=<URL encoded value>&<param name>=<URL encoded value>

Some hidden parameters are mandatory and some are optional. If the web server requires data for a
hidden parameter, it rejects any authentication POST request that omits that data. Because a header
analyzer does not tell you if a hidden parameter is mandatory or not, we recommend that you include all
hidden parameters until you determine which are mandatory.

To configure SSO with the HTTP Form protocol, you must perform the following:

• Configure the uniform resource identifier on the authenticating web server to receive and process
the form data (action-uri).

• Configure the username parameter (user-parameter).

• Configure the user password parameter (password-parameter).

You might also need to do the following tasks, depending upon the requirements of the authenticating web
server:

• Configure a starting URL if the authenticating web server requires a pre-login cookie exchange
(start-url).

• Configure any hidden authentication parameters required by the authenticating web server
(hidden-parameter).

• Configure the name of an authentication cookie set by the authenticating web server
(auth-cookie-name).
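Gathering these values from the login page captured directly from the authenticating web server can be scripted. The following Python is an added example, not Cisco's code or any ASA tooling: it parses the captured form, takes the form action as the action-uri, picks the password field and the text field preceding it as password-parameter and user-parameter (a heuristic assumed here), and emits every hidden field in the <param name>=<URL encoded value>&... format shown above. The sample page and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin


class LoginFormParser(HTMLParser):
    """Collect the first <form> on the page and its named <input> fields in order."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.inputs = []  # (name, type, value)
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self._in_form = True
            self.action = a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            self.inputs.append((a["name"], (a.get("type") or "text").lower(), a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def discover_form_parameters(html, page_url):
    """Map a captured login page to action-uri, user-parameter, password-parameter
    and the hidden-parameter string (<name>=<URL encoded value>&...)."""
    p = LoginFormParser()
    p.feed(html)
    if p.action is None:
        raise ValueError("no <form> found in login page")
    hidden = [(n, v) for n, t, v in p.inputs if t == "hidden"]
    passwords = [n for n, t, _ in p.inputs if t == "password"]
    users = [n for n, t, _ in p.inputs if t in ("text", "email")]
    return {
        "action_uri": urljoin(page_url, p.action),
        "user_parameter": users[-1] if users else None,  # assumed: text field before the password
        "password_parameter": passwords[0] if passwords else None,
        # Keep every hidden field until you have determined which ones are mandatory.
        "hidden_parameter": urlencode(hidden),
    }


# Constructed sample login page (not from a real server), as a header analyzer would show it.
SAMPLE_HTML = """<form method="post" action="/auth/login.do">
<input type="hidden" name="SMENC" value="ISO-8859-1">
<input type="hidden" name="target" value="https://portal.example.com/home">
<input type="text" name="USER"><input type="password" name="PASSWORD">
<input type="submit" value="Login"></form>"""
```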

[Figure 74-4 artwork: Web VPN server, Auth Web server, Other protected web server, Tunnel; exchange steps numbered 1 to 5]