Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Using Single Sign-on with Clientless SSL VPN
Adding the Cisco Authentication Scheme to SiteMinder
In addition to configuring the ASA for SSO with SiteMinder, you must also configure your CA
SiteMinder Policy Server with the Cisco authentication scheme, a Java plug-in you download from the
Cisco web site.
Prerequisites
Configuring the SiteMinder Policy Server requires experience with SiteMinder.
Step 5
Command: policy-server-secret
Purpose: Specifies a secret key to secure the authentication communication between the ASA and SiteMinder.
Example:
hostname(config-webvpn-sso-siteminder)# policy-server-secret AtaL8rD8!
hostname(config-webvpn-sso-siteminder)#
Creates a secret key AtaL8rD8!. You can create a key of any length using any regular or shifted alphanumeric character, but you must enter the same key on both the ASA and the SSO server.

Step 6
Command: request-timeout
Purpose: Configures the number of seconds before a failed SSO authentication attempt times out. The default number of seconds is 5, and the possible range is 1 to 30.
Example:
hostname(config-webvpn-sso-siteminder)# request-timeout 8
hostname(config-webvpn-sso-siteminder)#
Changes the number of seconds before a request times out to 8.

Step 7
Command: max-retry-attempts
Purpose: Configures the number of times the ASA retries a failed SSO authentication attempt before the authentication times out. The default is 3 retry attempts, and the possible range is 1 to 5 attempts.
Example:
hostname(config-webvpn-sso-siteminder)# max-retry-attempts 4
hostname(config-webvpn-sso-siteminder)#
Configures the number of retries to 4.

Step 8
Command: username-webvpn
Purpose: If specifying authentication for a user.
Command: group-policy-webvpn
Purpose: If specifying authentication for a group.

Step 9
Command: sso-server value
Purpose: Specifies the SSO authentication for either a group or a user.
Example:
hostname(config)# username Anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# sso-server value Example
hostname(config-username-webvpn)#
Assigns the SSO server named Example to the user named Anyuser.

Step 10
Command: test sso-server
Purpose: Tests the SSO server configuration.
Example:
hostname# test sso-server Example username Anyuser
INFO: Attempting authentication request to sso-server Example for user Anyuser
INFO: STATUS: Success
hostname#
Tests the SSO server named Example using the username Anyuser.
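
The following Python check is an added example, not part of the Cisco guide: it audits a planned SiteMinder SSO command block against the ranges given in Steps 6 and 7 and flags reuse of the guide's sample key from Step 5. The function name, the 16-character minimum (a local-policy assumption, since the guide allows any length), and the sample input are constructed for illustration.

```python
import re

# Ranges as stated in Steps 6 and 7 of the guide.
LIMITS = {"request-timeout": (1, 30), "max-retry-attempts": (1, 5)}
DOC_SAMPLE_SECRET = "AtaL8rD8!"  # the guide's example key; should never be deployed
MIN_SECRET_LEN = 16              # assumption: local policy, not a Cisco requirement


def audit_sso_block(text):
    """Return a list of findings for a planned SiteMinder SSO command block."""
    findings = []
    secret_seen = False
    for raw in text.splitlines():
        # Drop an optional CLI prompt such as 'hostname(config-...)# '.
        line = re.sub(r"^\S*#\s*", "", raw.strip())
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        arg = arg.strip()
        if cmd == "policy-server-secret":
            secret_seen = True
            # Findings never echo the secret itself.
            if arg == DOC_SAMPLE_SECRET:
                findings.append("policy-server-secret: documentation sample key in use")
            elif len(arg) < MIN_SECRET_LEN:
                findings.append(
                    f"policy-server-secret: shorter than {MIN_SECRET_LEN} characters")
        elif cmd in LIMITS:
            lo, hi = LIMITS[cmd]
            if not arg.isdigit() or not lo <= int(arg) <= hi:
                findings.append(f"{cmd}: {arg!r} outside documented range {lo}-{hi}")
    if not secret_seen:
        findings.append("policy-server-secret: not present in block")
    return findings


# Constructed sample input (not taken from a real device).
SAMPLE = """\
hostname(config-webvpn-sso-siteminder)# policy-server-secret AtaL8rD8!
hostname(config-webvpn-sso-siteminder)# request-timeout 45
hostname(config-webvpn-sso-siteminder)# max-retry-attempts 4
"""

if __name__ == "__main__":
    for finding in audit_sso_block(SAMPLE):
        print(finding)
```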