Cisco PIX 500 Series Configuration Manual page 767

Security appliance command line

Hide thumbs Also See for PIX 500 Series:

Administration manual (653 pages)

Quick start manual (72 pages)

User manual (60 pages)

Table of Contents

Configuring Clientless SSL VPN

After you configure the SSO server, you must specify SSO authentication for either a group or user. To

specify SSO for a group, assign an SSO server to a group policy using the sso-server value command

in group-policy-webvpn configuration mode. To specify SSO for a user, assign an SSO server to a user

policy using the same command, sso-server value, but in username-webvpn configuration mode. For

example, to assign the SSO server named Example to the user named Anyuser, enter the following:

hostname(config)# username Anyuser attributes

hostname(config-username)# webvpn

hostname(config-username-webvpn)# sso-server value Example

hostname(config-username-webvpn)#

Finally, you can test the SSO server configuration using the test sso-server command in privileged

EXEC mode. For example, to test the SSO server named Example using the username Anyuser, enter the

hostname# test sso-server Example username Anyuser

INFO: Attempting authentication request to sso-server Example for user Anyuser

INFO: STATUS: Success

Adding the Cisco Authentication Scheme to SiteMinder

In addition to configuring the security appliance for SSO with SiteMinder, you must also configure your

CA SiteMinder Policy Server with the Cisco authentication scheme, a Java plug-in you download from

the Cisco web site.

Configuring the SiteMinder Policy Server requires experience with SiteMinder. This section presents

general tasks, not a complete procedure.

To configure the Cisco authentication scheme on your SiteMinder Policy Server, perform the following

With the SiteMinder Administration utility, create a custom authentication scheme, being sure to use the

following specific arguments:

Using your Cisco.com login, download the file cisco_vpn_auth.jar from

http://www.cisco.com/cgi-bin/tablebuild.pl/asa

SiteMinder server. This .jar file is also available on the Cisco security appliance CD.

In the Library field, enter smjavaapi.

In the Secret field, enter the same secret configured on the security appliance.

You configure the secret on the security appliance using the policy-server-secret command at the

command line interface.

In the Parameter field, enter CiscoAuthAPI.

and copy it to the default library directory for the

Cisco Security Appliance Command Line Configuration Guide

Getting Started

Troubleshooting

Asa 5500 series

Cisco PIX 500 Series Configuration Manual page 767

Troubleshooting

Related Manuals for Cisco PIX 500 Series

Related Products for Cisco PIX 500 Series

This manual is also suitable for:

Table of Contents