Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using Single Sign-on with Clientless SSL VPN

Detailed Steps

Step 1

Start your browser and HTTP header analyzer, and connect directly to the web server login page without
going through the ASA.

Step 2

After the web server login page has loaded in your browser, examine the login sequence to determine if
a cookie is being set during the exchange. If the web server has loaded a cookie with the login page,
configure this login page URL as the start-URL.

Step 3

Enter the username and password to log in to the web server, and press Enter. This action generates the
authentication POST request that you examine using the HTTP header analyzer.

An example POST request—with host HTTP header and body—follows:

POST /emco/myemco/authc/forms/MCOlogin.fcc?TYPE=33554433&REALMOID=06-000430e1-7443-125c-ac05-83846dc90034&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6rB1UV2PxkHqLw%3d%3d&TARGET=https%3A%2F%2Fwww.example.com%2Femco%2Fmyemco%2F HTTP/1.1
Host: www.example.com

(BODY)
SMENC=ISO-8859-1&SMLOCALE=US-EN&USERID=Anyuser&USER_PASSWORD=XXXXXX&target=https%3A%2F%2Fwww.example.com%2Femco%2Fmyemco%2F&smauthreason=0

Step 4

Examine the POST request and copy the protocol, host, and the complete URL to configure the action-uri
parameter.

Step 5

Examine the POST request body and copy the following:

a. Username parameter. In the preceding example, this parameter is USERID, not the value Anyuser.

b. Password parameter. In the preceding example, this parameter is USER_PASSWORD.

c. Hidden parameter. This parameter is everything in the POST body except the username and
password parameters. In the preceding example, the hidden parameter is:

SMENC=ISO-8859-1&SMLOCALE=US-EN&target=https%3A%2F%2Fwww.example.com%2Femco%2Fmyemco%2F&smauthreason=0

Figure 74-5 highlights the action URI, hidden, username and password parameters within sample output
from an HTTP analyzer. This is only an example; output varies widely across different websites.
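The following added example (not part of the Cisco guide) applies Steps 4 and 5 to the sample request above: it builds the action URI and separates the hidden parameter from the credential fields without decoding or reordering the body, so credential values never reach the configuration. The function name derive_sso_fields and its arguments are hypothetical, the capture is constructed from the guide's sample, and the protocol is supplied by the analyst because the request itself does not state it.

```python
# Added example, not from the Cisco guide. The capture is constructed from the
# guide's sample request; derive_sso_fields and its arguments are hypothetical.
REQUEST_LINE = (
    "POST /emco/myemco/authc/forms/MCOlogin.fcc?TYPE=33554433"
    "&REALMOID=06-000430e1-7443-125c-ac05-83846dc90034&GUID=&SMAUTHREASON=0"
    "&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6rB1UV2PxkHqLw%3d%3d"
    "&TARGET=https%3A%2F%2Fwww.example.com%2Femco%2Fmyemco%2F HTTP/1.1"
)
BODY = (
    "SMENC=ISO-8859-1&SMLOCALE=US-EN&USERID=Anyuser&USER_PASSWORD=XXXXXX"
    "&target=https%3A%2F%2Fwww.example.com%2Femco%2Fmyemco%2F&smauthreason=0"
)
CAPTURED = REQUEST_LINE + "\r\nHost: www.example.com\r\n\r\n" + BODY


def derive_sso_fields(raw, user_field, password_field, scheme="https"):
    """Return the action URI and the username, password and hidden parameters."""
    # Assumption: the analyst supplies scheme; the request line does not carry it.
    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    if method != "POST":
        raise ValueError("expected the authentication POST, got " + method)
    headers = dict(
        (k.strip().lower(), v.strip())
        for k, v in (ln.split(":", 1) for ln in lines[1:] if ":" in ln)
    )
    if "host" not in headers:
        raise ValueError("capture has no Host header")
    # Keep the body pairs raw: no URL-decoding, no reordering, names case-sensitive.
    pairs = [p for p in body.strip().split("&") if p]
    names = [p.split("=", 1)[0] for p in pairs]
    for field in (user_field, password_field):
        if names.count(field) != 1:
            raise ValueError(field + " must appear exactly once in the POST body")
    creds = {user_field, password_field}
    hidden = "&".join(p for p, n in zip(pairs, names) if n not in creds)
    return {
        "action_uri": scheme + "://" + headers["host"] + target,
        "user_parameter": user_field,
        "password_parameter": password_field,
        "hidden_parameter": hidden,  # credential values are never copied here
    }
```

Field names are matched case-sensitively, which matters for this sample because the query string carries TARGET and SMAUTHREASON while the body carries target and smauthreason.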
