Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67 Clientless SSL VPN
SSO Servers
Step 1 Configure the SAML server parameters to represent the asserting party (the adaptive security appliance):
• Recipient consumer (Web Agent) URL (same as the assertion consumer URL configured on the ASA)
• Issuer ID, a string, usually the hostname of the appliance
• Profile type: Browser Post Profile
Step 2 Configure certificates.
Step 3 Specify that asserting party assertions must be signed.
Step 4 Select how the SAML server identifies the user:
• Subject Name Type is DN
• Subject Name format is uid=<user>
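As an added example (not part of the Cisco guide), the script below checks a captured test response against the settings from Steps 1, 3 and 4. It assumes SAML 1.1 element and namespace names for the Browser Post Profile; the hostname, URL and user in the sample are constructed, and the signature check confirms only that a signature element is present, not that it validates.

```python
import re
import xml.etree.ElementTree as ET  # trusted test captures only; use defusedxml for untrusted XML

# Assumed SAML 1.1 namespaces (not stated in the guide).
NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response; hostname, URL and user are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Recipient="https://asa.example.com/consumer">
 <saml:Assertion Issuer="asa.example.com">
  <saml:AuthenticationStatement><saml:Subject>
   <saml:NameIdentifier>uid=alice</saml:NameIdentifier>
  </saml:Subject></saml:AuthenticationStatement>
  <ds:Signature/>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, consumer_url, issuer_id):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    # Step 1: recipient consumer URL must equal the assertion consumer URL.
    if root.get("Recipient") != consumer_url:
        findings.append("recipient URL mismatch")
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        findings.append("no assertion in response")
    for a in assertions:
        # Step 1: issuer ID string.
        if a.get("Issuer") != issuer_id:
            findings.append("issuer ID mismatch")
        # Step 3: a signature element must be present (presence only, not validated).
        if a.find("ds:Signature", NS) is None:
            findings.append("assertion is not signed")
        # Step 4: subject name is a DN of the form uid=<user>.
        names = a.findall(".//saml:Subject/saml:NameIdentifier", NS)
        if not names:
            findings.append("no subject name")
        for n in names:
            if not re.fullmatch(r"uid=[^,=\s]+(,.*)?", (n.text or "").strip()):
                findings.append("subject name is not uid=<user>")
    return findings

if __name__ == "__main__":
    print(check_response(SAMPLE, "https://asa.example.com/consumer", "asa.example.com"))
```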
Adding the Cisco Authentication Scheme to SiteMinder
Besides configuring the adaptive security appliance for SSO with SiteMinder, you must also configure
your CA SiteMinder Policy Server with the Cisco authentication scheme, provided as a Java plug-in.
Note
• Configuring the SiteMinder Policy Server requires experience with SiteMinder.
• This section presents general tasks, not a complete procedure.
• Refer to the CA SiteMinder documentation for the complete procedure for adding a custom authentication scheme.
To configure the Cisco authentication scheme on your SiteMinder Policy Server, perform the following
steps:
Step 1 With the SiteMinder Administration utility, create a custom authentication scheme, being sure to use the
following specific arguments:
• In the Library field, enter smjavaapi.
• In the Secret field, enter the same secret configured in the Secret Key field of the Add SSO Server
dialog to follow.
• In the Parameter field, enter CiscoAuthApi.
Step 2 Using your Cisco.com login, download the file cisco_vpn_auth.jar from
http://www.cisco.com/cgi-bin/tablebuild.pl/asa and copy it to the default library directory for the
SiteMinder server. This .jar file is also available on the Cisco adaptive security appliance CD.