Configuring SSO with HTTP Basic or NTLM Authentication - Cisco FirePOWER ASA 5500 series Configuration Manual

Configuring SSO with HTTP Basic or NTLM Authentication

This section describes single sign-on with HTTP Basic or NTLM authentication. You can configure the
security appliance to implement SSO using either or both of these methods. The auto-signon command
configures the security appliance to automatically pass WebVPN user login credentials (username and
password) on to internal servers. You can enter multiple auto-signon commands. The security appliance
processes them according to the input order (early commands take precedence). You specify the servers
to receive the login credentials using either IP address and IP mask, or URI mask.
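
The matching described above, sketched in Python as an added example (not from the Cisco guide and not ASA code): rules are checked in input order, and the first IP/mask or URI-mask match decides which auth type is used. The sample rules, the helper names, and the treatment of * as matching any run of characters are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: auto-signon lines of one mode, in the order they were entered.
# The http:// rule is invented here to give the audit something to flag.
SAMPLE_CONFIG = """\
auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type ntlm
auto-signon allow uri https://*.example.com/* auth-type basic
auto-signon allow uri http://intranet.example.com/* auth-type basic
"""

def parse_rules(text):
    """Return auto-signon rules in input order; other lines are ignored."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:2] != ["auto-signon", "allow"]:
            continue
        if tok[2] == "ip":
            # strict=False accepts a host address with a mask (10.1.1.1 255.255.255.0)
            target = ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)
        elif tok[2] == "uri":
            target = tok[3]
        else:
            continue
        rules.append({"kind": tok[2], "target": target, "auth": tok[-1], "line": " ".join(tok)})
    return rules

def uri_mask_matches(mask, url):
    # Assumption: '*' in a URI mask matches any run of characters.
    return re.fullmatch(re.escape(mask).replace(r"\*", ".*"), url) is not None

def first_match(rules, url):
    """Return the first rule (input order) that covers url, or None."""
    host = urlsplit(url).hostname or ""
    for rule in rules:
        if rule["kind"] == "uri":
            if uri_mask_matches(rule["target"], url):
                return rule
        else:
            try:
                if ipaddress.ip_address(host) in rule["target"]:
                    return rule
            except ValueError:
                continue  # destination is a hostname, not an IP literal
    return None

def cleartext_basic(rules):
    """URI rules that hand over Basic credentials without an https:// mask."""
    return [r["line"] for r in rules if r["kind"] == "uri"
            and r["auth"] in ("basic", "all") and not r["target"].startswith("https://")]
```

Because the first match wins, a broad mask entered early hides any narrower rule entered after it, so review the list in input order when auditing which servers receive credentials.
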
Use the auto-signon command in any of three modes: webvpn configuration, webvpn group-policy
mode, or webvpn username mode. Username supersedes group, and group supersedes global. The mode
you choose depends upon the scope of authentication you want:

Mode                            Scope
Webvpn configuration            All WebVPN users globally
Webvpn group configuration      A subset of WebVPN users defined by a group policy
Webvpn username configuration   An individual WebVPN user

The following example commands present various possible combinations of modes and arguments.

All Users, IP Address Range, NTLM
To configure auto-signon for all WebVPN users to servers with IP addresses ranging from 10.1.1.0 to
10.1.1.255 using NTLM authentication, for example, enter the following commands:
hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type ntlm

All Users, URI Range, HTTP Basic
To configure auto-signon for all WebVPN users, using basic HTTP authentication, to servers defined by
the URI mask https://*.example.com/*, for example, enter the following commands:
hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow uri https://*.example.com/* auth-type basic

Group, URI Range, HTTP Basic and NTLM
To configure auto-signon for WebVPN users in the ExamplePolicy group policy, using either basic
or NTLM authentication, to servers defined by the URI mask https://*.example.com/*, for
example, enter the following commands:
hostname(config)# group-policy ExamplePolicy attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# auto-signon allow uri https://*.example.com/* auth-type all

Specific User, IP Address Range, HTTP Basic
To configure auto-signon for a user named Anyuser to servers with IP addresses ranging from 10.1.1.0
to 10.1.1.255 using HTTP Basic authentication, for example, enter the following commands:

Cisco Security Appliance Command Line Configuration Guide, Chapter 37, Configuring WebVPN, OL-10088-01, page 37-6

This manual is also suitable for: PIX 500 series, Cisco ASA 5500 series
