LDAP Server Support; SSO Support for WebVPN with HTTP Forms; Local Database Support; User Profiles - Cisco PIX 500 Series Configuration Manual

Security appliance command line

AAA Server and Local Database Support
Note: The security appliance does not support changing user passwords during tunnel negotiation. To avoid
this situation happening inadvertently, disable password expiration on the Kerberos/Active Directory
server for users connecting to the security appliance.
For a simple Kerberos server configuration example, see Example 13-2.

LDAP Server Support

The security appliance supports LDAP. For detailed information, see the "LDAP Server Support" section.

SSO Support for WebVPN with HTTP Forms

The security appliance can use the HTTP Form protocol for single sign-on (SSO) authentication of
WebVPN users only. Single sign-on support lets WebVPN users enter a username and password only
once to access multiple protected services and Web servers. The WebVPN server running on the security
appliance acts as a proxy for the user to the authenticating server. When a user logs in, the WebVPN
server sends an SSO authentication request, including username and password, to the authenticating
server using HTTPS. If the server approves the authentication request, it returns an SSO authentication
cookie to the WebVPN server. The security appliance keeps this cookie on behalf of the user and uses it
to authenticate the user to secure websites within the domain protected by the SSO server.
In addition to the HTTP Form protocol, WebVPN administrators can configure SSO with the
HTTP Basic and NTLM authentication protocols (the auto-signon command), or with the Computer
Associates eTrust SiteMinder SSO server (formerly Netegrity SiteMinder). For an in-depth
discussion of configuring SSO with either HTTP Forms, auto-signon or SiteMinder, see the
Configuring Clientless SSL VPN chapter.
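
The cookie handling described in this section, modeled in Python as an added example (not Cisco code and not part of the original manual). AuthServer, WebVpnProxy, the cookie name SSO, the sample domain and the HTTPS-only check are assumptions of this sketch; it shows the proxy keeping the SSO cookie on the user's behalf and attaching it only to hosts inside the SSO-protected domain.

```python
import hmac
import secrets
from urllib.parse import urlsplit

class AuthServer:
    """Stand-in for the authenticating server (constructed, not a Cisco component)."""
    def __init__(self, users):
        self._users = users          # username -> password (constructed sample data)
        self._cookies = {}           # issued SSO cookie -> username

    def login(self, username, password):
        stored = self._users.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None              # authentication request rejected
        cookie = secrets.token_urlsafe(32)
        self._cookies[cookie] = username
        return cookie

    def whoami(self, cookie):
        return self._cookies.get(cookie)

class WebVpnProxy:
    """Holds the SSO cookie for the user; the browser only ever sees a session id."""
    def __init__(self, auth_server, sso_domain):
        self._auth = auth_server
        self._domain = sso_domain.lower().lstrip(".")
        self._sessions = {}          # session id -> SSO cookie

    def login(self, username, password):
        cookie = self._auth.login(username, password)
        if cookie is None:
            return None
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = cookie
        return session_id

    def _in_sso_domain(self, url):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # HTTPS only (assumption) and a label-boundary match, not a bare suffix match.
        return parts.scheme == "https" and (
            host == self._domain or host.endswith("." + self._domain))

    def outbound_headers(self, session_id, url):
        """Headers the proxy adds when fetching url on behalf of this session."""
        cookie = self._sessions.get(session_id)
        if cookie is None or not self._in_sso_domain(url):
            return {}
        return {"Cookie": "SSO=" + cookie}
```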

Local Database Support

The security appliance maintains a local database that you can populate with user profiles.
This section contains the following topics:
- User Profiles
- Fallback Support

User Profiles

User profiles contain, at a minimum, a username. Typically, a password is assigned to each username,
although passwords are optional.
The username attributes command lets you enter the username mode. In this mode, you can add other
information to a specific user profile. The information you can add includes VPN-related attributes, such
as a VPN session timeout value.

Source: Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Chapter 13, Configuring AAA Servers and the Local Database

This manual is also suitable for:

ASA 5500 Series
