Cisco PIX 500 Series Configuration Manual page 771

Security appliance command line

Chapter 37
Configuring Clientless SSL VPN
OL-12172-03

3. If the authenticating web server approves the user data, it returns an authentication cookie to the
   clientless SSL VPN server where it is stored on behalf of the user.
4. The clientless SSL VPN server establishes a tunnel to the user.
5. The user can now access other websites within the protected SSO environment without reentering a
   username and password.

Figure 37-2 SSO Authentication Using HTTP Forms
[Figure: steps 1 to 5 among the Web VPN server, the Auth Web server, and other protected web servers; labels include "Tunnel".]

While you would expect to configure form parameters that let the security appliance include POST data
such as the username and password, you initially might not be aware of additional hidden parameters
that the web server requires. Some authentication applications expect hidden data which is neither
visible to nor entered by the user. You can, however, discover hidden parameters the authenticating web
server expects by making a direct authentication request to the web server from your browser without
the security appliance in the middle acting as a proxy. Analyzing the web server response using an HTTP
header analyzer reveals hidden parameters in a format similar to the following:

<param name>=<URL encoded value>&<param name>=<URL encoded>

Some hidden parameters are mandatory and some are optional. If the web server requires data for a
hidden parameter, it rejects any authentication POST request that omits that data. Because a header
analyzer does not tell you if a hidden parameter is mandatory or not, we recommend that you include all
hidden parameters until you determine which are mandatory.

This section describes:
- Gathering HTTP Form Data
- Task Overview: Configuring SSO with HTTP Form Protocol
- Detailed Tasks: Configuring SSO with HTTP Form Protocol

Gathering HTTP Form Data

This section presents the steps for discovering and gathering necessary HTTP Form data. If you do not
know what parameters the authenticating web server requires, you can gather parameter data by
analyzing an authentication exchange using the following steps:

Note: These steps require a browser and an HTTP header analyzer.
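The hidden-parameter discovery described above can be scripted once a direct login POST has been captured. The following Python example is an addition to this page, not code from the Cisco guide: it splits a captured request into the action path, the username and password field names, and the remaining hidden parameters in the `<param name>=<URL encoded value>&...` form, discarding the credential values so they are not stored with the notes. The function name `split_login_post`, the host, the path and all field names are assumptions made for the example.

```python
from urllib.parse import unquote_plus

# Constructed capture of a direct login POST; host, path, fields and values are hypothetical.
CAPTURED_REQUEST = (
    "POST /login/auth.do HTTP/1.1\r\n"
    "Host: auth.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "userid=jdoe&passwd=S3cret%21&lang=en"
    "&target=https%3A%2F%2Fportal.example.com%2Fhome&authreason=0"
)


def split_login_post(raw, user_field, password_field):
    """Split a captured login POST into the pieces needed for form-based SSO."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    if method != "POST":
        raise ValueError("expected a POST request")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if not headers.get("content-type", "").lower().startswith(
            "application/x-www-form-urlencoded"):
        raise ValueError("body is not URL-encoded form data")
    hidden, seen = [], set()
    for pair in filter(None, body.strip().split("&")):
        name, _, value = pair.partition("=")
        if unquote_plus(name) in (user_field, password_field):
            seen.add(unquote_plus(name))  # credential value is discarded, never stored
            continue
        hidden.append(f"{name}={value}")  # value stays URL-encoded, as captured
    missing = {user_field, password_field} - seen
    if missing:
        raise ValueError(f"fields not in capture: {sorted(missing)}")
    return {
        "host": headers.get("host", ""),
        "action_path": path,
        "user_parameter": user_field,
        "password_parameter": password_field,
        "hidden_parameters": "&".join(hidden),
    }


if __name__ == "__main__":
    for key, value in split_login_post(CAPTURED_REQUEST, "userid", "passwd").items():
        print(f"{key}: {value}")
```

The output lists every hidden parameter present in the capture; which of them are mandatory still has to be determined by testing, as the text above notes.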
Cisco Security Appliance Command Line Configuration Guide
This manual is also suitable for:

Asa 5500 series
