Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67 Clientless SSL VPN
SSO Servers
• Content to Rewrite—Specifies the content to rewrite. The choices are none or a combination of XML, links, and cookies.
  – XML—Check to rewrite XML content.
  – Hostname—Check to rewrite links.
Modes
The following table shows the modes in which this feature is available:
SSO Servers
The SSO Server pane lets you configure or delete single sign-on (SSO) for users of clientless SSL VPN
connecting to a Computer Associates SiteMinder SSO server or to a Security Assertion Markup
Language (SAML), Version 1.1, Browser Post Profile SSO server. SSO support, available only for
clientless SSL VPN, lets users access different secure services on different servers without entering a
username and password more than once.
You can choose from four methods when configuring SSO: Auto Signon using basic HTTP and/or
NTLMv1 authentication; HTTP Form protocol; Computer Associates eTrust SiteMinder (formerly
Netegrity SiteMinder); or SAML, Version 1.1 Browser Post Profile.
Note: The SAML Browser Artifact profile method of exchanging assertions is not supported.
The following sections describe the procedures for setting up SSO with both SiteMinder and SAML
Browser Post Profile.
• Auto Signon—configures SSO with basic HTTP or NTLM authentication.
• Configuring Session Settings—configures SSO with the HTTP Form protocol.
The SSO mechanism either starts as part of the AAA process (HTTP Forms) or just after successful user
authentication to either a AAA server (SiteMinder) or a SAML Browser Post Profile server. In these
cases, the clientless SSL VPN server running on the adaptive security appliance acts as a proxy for the
user to the authenticating server. When a user logs in, the clientless SSL VPN server sends an SSO
authentication request, including username and password, to the authenticating server using HTTPS.
If the authenticating server approves the authentication request, it returns an SSO authentication cookie
to the clientless SSL VPN server. This cookie is kept on the adaptive security appliance on behalf of the
user and used to authenticate the user to secure websites within the domain protected by the SSO server.
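The flow described above, as an added sketch that is not from the Cisco guide or the appliance's code: a small Python model in which the proxy obtains the SSO cookie, keeps it keyed to the user's VPN session, and attaches it only to requests for hosts inside the protected domain. All names (ClientlessProxy, auth_server, the SSO cookie name, intranet.example.com) are assumptions, and the authenticating server is replaced by a local function.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed sample data: one account on the simulated authenticating server.
USERS = {"alice": "correct horse"}
PROTECTED_DOMAIN = "intranet.example.com"  # assumed domain protected by the SSO server


def auth_server(username, password):
    """Stand-in for the SSO server: returns an SSO cookie value, or None on failure."""
    expected = USERS.get(username)
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return "SSOTOKEN-" + secrets.token_hex(16)
    return None


def in_protected_domain(url):
    """True only if the URL's host is the protected domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Require a dot boundary so "evilintranet.example.com" does not match.
    return host == PROTECTED_DOMAIN or host.endswith("." + PROTECTED_DOMAIN)


class ClientlessProxy:
    """Model of the appliance: holds SSO cookies on behalf of users."""

    def __init__(self):
        self._cookies = {}  # VPN session id -> SSO cookie (kept on the proxy)

    def login(self, username, password):
        # In the real flow this request goes to the authenticating server over HTTPS.
        cookie = auth_server(username, password)
        if cookie is None:
            return None
        session_id = secrets.token_urlsafe(16)
        self._cookies[session_id] = cookie
        return session_id  # the browser receives only this VPN session id

    def outbound_headers(self, session_id, url):
        """Headers the proxy adds when fetching url on behalf of this session."""
        cookie = self._cookies.get(session_id)
        if cookie and in_protected_domain(url):
            return {"Cookie": "SSO=" + cookie}  # cookie name is hypothetical
        return {}

    def logout(self, session_id):
        # Dropping the stored cookie ends SSO for this session.
        self._cookies.pop(session_id, None)
```
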
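| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System |
|---|---|---|---|---|
| • | — | • | — | — |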