Cisco PIX 500 Series Configuration Manual page 766

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 37-10
Chapter 37: Configuring Clientless SSL VPN
Getting Started

- Specifying the SSO server.
- Specifying the URL of the SSO server to which the security appliance makes SSO authentication requests.
- Specifying a secret key to secure the communication between the security appliance and the SSO server. This key is similar to a password: you create it, save it, and enter it on both the security appliance and the SiteMinder Policy Server using the Cisco Java plug-in authentication scheme.

Optionally, you can do the following configuration tasks in addition to the required tasks:

- Configuring the authentication request timeout.
- Configuring the number of authentication request retries.

After you complete these tasks, assign an SSO server to a user or group policy.

Detailed Tasks: Configuring SSO with SiteMinder

This section presents specific steps for configuring the security appliance to support SSO authentication with CA SiteMinder. To configure SSO with SiteMinder, perform the following steps:

Step 1  In webvpn configuration mode, enter the sso-server command with the type option to create an SSO server. For example, to create an SSO server named Example of type siteminder, enter the following:

hostname(config)# webvpn
hostname(config-webvpn)# sso-server Example type siteminder
hostname(config-webvpn-sso-siteminder)#

Step 2  Enter the web-agent-url command in webvpn-sso-siteminder configuration mode to specify the authentication URL of the SSO server. For example, to send authentication requests to the URL http://www.Example.com/webvpn, enter the following:

hostname(config-webvpn-sso-siteminder)# web-agent-url http://www.Example.com/webvpn
hostname(config-webvpn-sso-siteminder)#

Step 3  Specify a secret key to secure the authentication communications between the security appliance and SiteMinder using the policy-server-secret command in webvpn-sso-siteminder configuration mode. You can create a key of any length using any regular or shifted alphanumeric character, but you must enter the same key on both the security appliance and the SSO server.

For example, to create the secret key AtaL8rD8!, enter the following:

hostname(config-webvpn-sso-siteminder)# policy-server-secret AtaL8rD8!
hostname(config-webvpn-sso-siteminder)#

Step 4  Optionally, you can configure the number of seconds before a failed SSO authentication attempt times out using the request-timeout command in webvpn-sso-siteminder configuration mode. The default is 5 seconds and the possible range is 1 to 30 seconds. To change the number of seconds before a request times out to 8, for example, enter the following:

hostname(config-webvpn-sso-siteminder)# request-timeout 8
hostname(config-webvpn-sso-siteminder)#

Step 5  Optionally, you can configure the number of times the security appliance retries a failed SSO authentication attempt before the authentication times out using the max-retry-attempts command in webvpn-sso-siteminder configuration mode. The default is 3 retry attempts and the possible range is 1 to 5 attempts. To configure the number of retries to be 4, for example, enter the following:

hostname(config-webvpn-sso-siteminder)# max-retry-attempts 4
hostname(config-webvpn-sso-siteminder)#
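Added example (not from the Cisco guide): a Python lint for a configuration snippet built from Steps 1 to 5, meant to be run before the snippet is pasted into the appliance. The indented layout of the sample, the Draft server, the 16-character minimum and the https preference are assumptions of this example; the timeout and retry ranges are the ones stated in Steps 4 and 5.

```python
import re

LIMITS = {"request-timeout": (1, 30), "max-retry-attempts": (1, 5)}  # Steps 4 and 5
MIN_SECRET_LEN = 16  # assumption: local policy; the page allows any length
# Constructed sample: "Example" uses the page's values, "Draft" is hypothetical.
SAMPLE = """\
webvpn
 sso-server Example type siteminder
  web-agent-url http://www.Example.com/webvpn
  policy-server-secret AtaL8rD8!
  request-timeout 8
  max-retry-attempts 4
 sso-server Draft type siteminder
  web-agent-url https://sso.example.test/webvpn
  request-timeout 45
"""

def parse_sso_servers(config):
    """Map each siteminder sso-server name to its {command: value} settings."""
    servers, current, depth = {}, None, 0
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        m = re.match(r"sso-server (\S+) type siteminder$", line)
        if m:
            current, depth = servers.setdefault(m.group(1), {}), indent
        elif current is not None and indent > depth:
            key, _, value = line.partition(" ")
            current[key] = value
        else:
            current = None  # left the sso-server block
    return servers

def audit(config):
    """Return (server, finding) pairs for settings that need review."""
    findings = []
    for name, cmds in parse_sso_servers(config).items():
        url, secret = cmds.get("web-agent-url"), cmds.get("policy-server-secret")
        if url is None:
            findings.append((name, "web-agent-url missing"))
        elif not url.lower().startswith("https://"):  # assumption: policy wants TLS
            findings.append((name, "web-agent-url is not https"))
        if secret is None:
            findings.append((name, "policy-server-secret missing"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "policy-server-secret below policy length"))
        for cmd, (low, high) in LIMITS.items():
            if cmd in cmds and not (cmds[cmd].isdecimal() and low <= int(cmds[cmd]) <= high):
                findings.append((name, f"{cmd} outside {low}-{high}"))
    return findings
```

Calling audit(SAMPLE) flags the http URL and the nine-character secret on Example, and the missing secret and out-of-range timeout on Draft.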


This manual is also suitable for:

ASA 5500 Series