74-15
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Using Single Sign-on with Clientless SSL VPN
Configuring SSO Authentication Using SiteMinder
This section describes configuring the ASA to support SSO with SiteMinder. You would typically
choose to implement SSO with SiteMinder if your website security infrastucture already incorporates
SiteMinder. With this method, SSO authentication is separate from AAA and happens once the AAA
process completes.
Prerequisites
Specifying the SSO server.
Specifying the URL of the SSO server to which the ASA makes SSO authentication requests.
Specifying a secret key to secure the communication between the ASA and the SSO server. This key
is similar to a password: you create it, save it, and enter it on both the ASA and the SiteMinder Policy
Server using the Cisco Java plug-in authentication scheme.
Optionally, you can do the following configuration tasks in addition to the required tasks:
Configuring the authentication request timeout.
Configuring the number of authentication request retries.
Restrictions
If you want to configure SSO for a user or group for clientless SSL VPN access, you must first configure
a AAA server, such as a RADIUS or LDAP server. You can then set up SSO support for clientless SSL
VPN.
Detailed Steps
This section presents specific steps for configuring the ASA to support SSO authentication with CA
SiteMinder. To configure SSO with SiteMinder, perform the following steps:
Command Purpose
Step1 webvpn Switches to webvpn configuration mode.
Step2 sso-server with the type option
Example:
hostname(config)# webvpn
hostname(config-webvpn)# sso-server Example type
siteminder
hostname(config-webvpn-sso-siteminder)#
Creates an SSO server.
Creates an SSO server named Example of type
siteminder.
Step3 config-webvpn-sso-siteminder Switches to site minder configuration mode.
Step4 web-agent-url
Example:
hostname(config-webvpn-sso-siteminder)#
web-agent-url http://www.Example.com/webvpn
hostname(config-webvpn-sso-siteminder)#
Specifies the authentication URL of the SSO server.
Sends authentication requests to the URL
http://www.Example.com/webvpn.