Configuring Sso With The Http Form Protocol - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 37
Configuring WebVPN
Getting Started with WebVPN

To configure the Cisco authentication scheme on your SiteMinder Policy Server, perform the following tasks:

Step 1 With the SiteMinder Administration utility, create a custom authentication scheme, being sure to use the following specific arguments:
• In the Library field, enter smjavaapi.
• In the Secret field, enter the same secret configured on the security appliance. You configure this on the security appliance with either the policy-server-secret command at the command line interface or in the Secret Key field of the Add SSO Server dialog in ASDM.
• In the Parameter field, enter CiscoAuthAPI.

Step 2 Copy the file cisco_vpn_auth.jar from the CD to the default library directory for the SiteMinder server.

Note Refer to the CA SiteMinder documentation for the complete procedure for adding a custom authentication scheme.

Configuring SSO with the HTTP Form Protocol

This section describes using the HTTP Form protocol for SSO. HTTP Form protocol is a common approach to SSO authentication that can also qualify as an AAA method. It provides a secure method for exchanging authentication information between WebVPN users and authenticating web servers. As a common protocol, it is highly compatible with web servers and web-based SSO products, and you can use it in conjunction with other AAA servers such as RADIUS or LDAP servers.

Note To configure SSO with the HTTP Form protocol correctly, you must have a thorough working knowledge of authentication and HTTP protocol exchanges.

The security appliance again serves as a proxy for WebVPN users to an authenticating web server but, in this case, it uses HTTP Form protocol and the POST method for requests. Because the appliance submits the form itself, the user's browser never exchanges credentials directly with the authenticating web server. You must configure the security appliance to send and receive form data. Figure 37-1 illustrates the following SSO authentication steps:

1. A WebVPN user first enters a username and password to log into the WebVPN server on the security appliance.
2. The WebVPN server acts as a proxy for the user and forwards the form data (username and password) to an authenticating web server using a POST authentication request.
3. If the authenticating web server approves the user data, it returns an authentication cookie to the WebVPN server, where it is stored on behalf of the user.
4. The WebVPN server establishes a tunnel to the user.
5. The user can now access other websites within the protected SSO environment without reentering a username and password.

Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
37-9
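The five-step exchange above, worked through as an added example that is not code from the Cisco manual or from the security appliance. It simulates both sides on the loopback interface: a mock authenticating web server that issues a cookie only for a valid form POST, and a stand-in for the WebVPN server that submits the form on the user's behalf, keeps the returned cookie, and replays it on later requests. The form field names (USER, PASSWORD), the form action URI (/login.fcc), the cookie name (SMSESSION) and the credential store are all assumed, constructed values; they stand in for whatever the real web server uses and the appliance would be configured to match.

```python
# Added example: simulation of the HTTP Form SSO exchange. Not Cisco code.
import http.client
import http.server
import secrets
import threading
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

# Assumed values (not from the manual): the form field names, form action URI
# and cookie name that the appliance would be configured with for this server.
USERNAME_PARAM = "USER"
PASSWORD_PARAM = "PASSWORD"
ACTION_URI = "/login.fcc"
AUTH_COOKIE_NAME = "SMSESSION"

# Constructed sample credential store for the mock authenticating web server.
VALID_USERS = {"alice": "correct horse battery"}


class AuthServer(http.server.BaseHTTPRequestHandler):
    """Mock authenticating web server: issues a cookie only on a valid form POST."""

    issued = set()  # cookie values this server has handed out

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        form = parse_qs(self.rfile.read(length).decode())
        user = form.get(USERNAME_PARAM, [""])[0]
        password = form.get(PASSWORD_PARAM, [""])[0]
        if self.path == ACTION_URI and VALID_USERS.get(user) == password:
            token = secrets.token_urlsafe(16)
            AuthServer.issued.add(token)
            self.send_response(302)
            self.send_header("Set-Cookie", f"{AUTH_COOKIE_NAME}={token}; Path=/; HttpOnly")
            self.send_header("Location", "/protected/")
        else:
            self.send_response(401)  # no cookie on failure
        self.end_headers()

    def do_GET(self):
        cookies = SimpleCookie(self.headers.get("Cookie", ""))
        token = cookies[AUTH_COOKIE_NAME].value if AUTH_COOKIE_NAME in cookies else None
        if self.path.startswith("/protected/") and token in AuthServer.issued:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"protected content")
        else:
            self.send_response(401)
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


class WebVPNProxy:
    """Stand-in for the appliance's WebVPN server: submits the form on the user's
    behalf and keeps the returned authentication cookie for later requests."""

    def __init__(self, host, port):
        self.host, self.port = host, port
        self.cookie_jar = {}  # username -> cookie value held on the user's behalf

    def login(self, username, password):
        """Steps 2-3: POST the form data; succeed only if the named cookie comes back."""
        conn = http.client.HTTPConnection(self.host, self.port, timeout=5)
        body = urlencode({USERNAME_PARAM: username, PASSWORD_PARAM: password})
        conn.request("POST", ACTION_URI, body=body,
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        resp.read()
        cookies = SimpleCookie()
        for header in resp.headers.get_all("Set-Cookie") or []:
            cookies.load(header)
        conn.close()
        # Success is the presence of the configured cookie, not the status code:
        # a 200 "bad password, try again" page must not count as authenticated.
        if AUTH_COOKIE_NAME not in cookies:
            return False
        self.cookie_jar[username] = cookies[AUTH_COOKIE_NAME].value
        return True

    def fetch(self, username, path):
        """Step 5: reach a protected resource with the stored cookie, no password."""
        headers = {}
        if username in self.cookie_jar:
            headers["Cookie"] = f"{AUTH_COOKIE_NAME}={self.cookie_jar[username]}"
        conn = http.client.HTTPConnection(self.host, self.port, timeout=5)
        conn.request("GET", path, headers=headers)
        status = conn.getresponse().status
        conn.close()
        return status


def run_demo():
    """Run the whole exchange against the mock server; returns the observed outcomes."""
    server = http.server.HTTPServer(("127.0.0.1", 0), AuthServer)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        proxy = WebVPNProxy(*server.server_address)
        results = {
            "bad_password": proxy.login("alice", "wrong"),
            "good_login": proxy.login("alice", "correct horse battery"),
            "protected_with_cookie": proxy.fetch("alice", "/protected/"),
            "protected_without_cookie": proxy.fetch("mallory", "/protected/"),
        }
    finally:
        server.shutdown()
        server.server_close()
    return results


if __name__ == "__main__":
    print(run_demo())
```

The design point worth carrying over to a real deployment is in `login`: the proxy treats the attempt as authenticated only when the cookie it was told to expect is actually present in the response, never on the basis of a 2xx or 3xx status alone, since many login forms answer a wrong password with a 200 page. That is also why the appliance has to be told the form's field names, the action URI and the cookie name: without them it can neither build the POST in step 2 nor recognise the approval in step 3.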
This manual is also suitable for: Cisco PIX 500 series, Cisco ASA 5500 series