Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Using Single Sign-on with Clientless SSL VPN
Command Purpose
Step 1
Command: aaa-server-host
Purpose: Switches to the aaa-server-host configuration mode.
Step 2
Command: start-url
Purpose: If the authenticating web server requires it, specifies the URL from which to retrieve a pre-login cookie from the authenticating web server.
Example:
hostname(config)# aaa-server testgrp1 protocol http-form
hostname(config)# aaa-server testgrp1 host 10.0.0.2
hostname(config-aaa-server-host)# start-url http://example.com/east/Area.do?Page-Grp1
hostname(config-aaa-server-host)#
Purpose of the example: Specifies the authenticating web server URL http://example.com/east/Area.do?Page-Grp1 in the testgrp1 server group with an IP address of 10.0.0.2.
Step 3
Command: action-uri
Purpose: Specifies a URI for an authentication program on the authenticating web server.
A URI can be entered on multiple, sequential lines. The maximum number of characters per line is 255. The maximum number of characters for a complete URI is 2048.
Example:
http://www.example.com/auth/index.html/appdir/authc/forms/MCOlogin.fcc?TYPE=33554433&REALMOID=06-000a1311-a828-1185-ab41-8333b16a0008&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6rB1UV2PxkHqLw%3d%3d&TARGET=https%3A%2F%2Fauth.example.com
To specify this action URI, enter the following commands:
hostname(config-aaa-server-host)# action-uri http://www.example.com/auth/index.htm
hostname(config-aaa-server-host)# action-uri l/appdir/authc/forms/MCOlogin.fcc?TYP
hostname(config-aaa-server-host)# action-uri E=33554433&REALMOID=06-000a1311-a828-1185
hostname(config-aaa-server-host)# action-uri -ab41-8333b16a0008&GUID=&SMAUTHREASON
hostname(config-aaa-server-host)# action-uri =0&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk
hostname(config-aaa-server-host)# action-uri 3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6r
hostname(config-aaa-server-host)# action-uri B1UV2PxkHqLw%3d%3d&TARGET=https%3A%2F
hostname(config-aaa-server-host)# action-uri %2Fauth.example.com
hostname(config-aaa-server-host)#
You must include the hostname and protocol in the action URI. In this example, these appear at the start of the URI in http://www.example.com.
Step 4
Command: user-parameter
Purpose: Configures a username parameter for the HTTP POST request.
Example:
hostname(config-aaa-server-host)# user-parameter userid
hostname(config-aaa-server-host)#
Purpose of the example: Configures the username parameter userid.
Step 5
Command: password-parameter
Purpose: Configures a user password parameter for the HTTP POST request.
Example:
hostname(config-aaa-server-host)# password-parameter user_password
hostname(config-aaa-server-host)#
Purpose of the example: Configures a user password parameter named user_password.
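
The line and length limits from Step 3, as an added example (not from the Cisco guide): a Python helper that checks an action URI against them and splits it into sequential action-uri commands that reassemble exactly. The function names, the 200-character default fragment size, and the reading of the 255-character limit as covering the whole typed command are assumptions.

```python
from urllib.parse import urlsplit

MAX_LINE = 255    # per-line limit stated in the guide
MAX_URI = 2048    # complete-URI limit stated in the guide
CMD = "action-uri "

# The example action URI from Step 3.
SAMPLE_URI = (
    "http://www.example.com/auth/index.html/appdir/authc/forms/MCOlogin.fcc"
    "?TYPE=33554433&REALMOID=06-000a1311-a828-1185-ab41-8333b16a0008"
    "&GUID=&SMAUTHREASON=0&METHOD=GET"
    "&SMAGENTNAME=$SM$5FZmjnk3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6rB1UV2PxkHqLw%3d%3d"
    "&TARGET=https%3A%2F%2Fauth.example.com"
)


def reassemble(commands):
    """Concatenate the fragments of sequential action-uri commands."""
    return "".join(c.split(CMD, 1)[1] for c in commands)


def action_uri_commands(uri, chunk=200):
    """Split uri into sequential action-uri commands within the stated limits."""
    # A space inside the URI is usually a line-wrap artifact from copy/paste.
    if any(ch.isspace() for ch in uri):
        raise ValueError("URI contains whitespace (likely a line-wrap artifact)")
    if len(uri) > MAX_URI:
        raise ValueError(f"URI is {len(uri)} characters; limit is {MAX_URI}")
    parts = urlsplit(uri)
    # The guide requires the protocol and hostname to be part of the action URI.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("action URI must include the protocol and hostname")
    # Assumption: the 255-character limit covers the whole typed command.
    if chunk < 1 or len(CMD) + chunk > MAX_LINE:
        raise ValueError(f"each command must fit in {MAX_LINE} characters")
    commands = [CMD + uri[i:i + chunk] for i in range(0, len(uri), chunk)]
    # Fragments must rebuild the URI exactly; a dropped character breaks SSO.
    if reassemble(commands) != uri:
        raise AssertionError("fragments do not reassemble to the original URI")
    return commands


if __name__ == "__main__":
    # 37-character fragments, matching the layout of the Step 3 example.
    for line in action_uri_commands(SAMPLE_URI, chunk=37):
        print("hostname(config-aaa-server-host)# " + line)
```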