Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Using Single Sign-on with Clientless SSL VPN
Gathering HTTP Form Data
This section presents the steps for discovering and gathering necessary HTTP Form data. If you do not
know what parameters the authenticating web server requires, you can gather parameter data by
analyzing an authentication exchange using the following steps:
Prerequisites
These steps require a browser and an HTTP header analyzer.
Step 11 hidden-parameter
Specifies hidden parameters for exchange with the authenticating web server.

Example:
SMENC=ISO-8859-1&SMLOCALE=US-EN&target=https%3A%2F%2Fwww.example.com%2Femco%2Fappdir%2FAreaRoot.do%3FEMCOPageCode%3DENG&smauthreason=0

The example shows a hidden parameter excerpted from a POST request. This hidden parameter includes four form entries and their values, separated by &. The four entries and their values are:
  - SMENC with a value of ISO-8859-1.
  - SMLOCALE with a value of US-EN.
  - target with a value of https%3A%2F%2Fwww.example.com%2Femco%2Fappdir%2FAreaRoot.do%3FEMCOPageCode%3DENG.
  - smauthreason with a value of 0.

To specify this hidden parameter, enter the following commands:
hostname(config)# aaa-server testgrp1 host example.com
hostname(config-aaa-server-host)# hidden-parameter SMENC=ISO-8859-1&SMLOCALE=US-EN&targe
hostname(config-aaa-server-host)# hidden-parameter t=https%3A%2F%2Fwww.example.com%2Femc
hostname(config-aaa-server-host)# hidden-parameter o%2Fappdir%2FAreaRoot.do%3FEMCOPageCo
hostname(config-aaa-server-host)# hidden-parameter de%3DENG&smauthreason=0
hostname(config-aaa-server-host)#

Step 12 (Optional) auth-cookie-name
Specifies the name for the authentication cookie.

Example:
hostname(config-aaa-server-host)# auth-cookie-name SsoAuthCookie
hostname(config-aaa-server-host)#

Specifies the authentication cookie name of SsoAuthCookie.

Step 13 tunnel-group general-attributes
Switches to tunnel-group general-attributes mode.

Step 14 authentication-server-group
Configures a tunnel-group to use the SSO server configured in the previous steps.

Example:
hostname(config)# tunnel-group testgroup general-attributes
hostname(config-tunnel-general)# authentication-server-group testgrp1

Configures the tunnel-group named "testgroup" to use the SSO server(s) named "testgrp1".
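
The following is an added example, not part of the Cisco guide: a Python helper that takes a login POST body captured with an HTTP header analyzer, drops the username and password fields, and splits the remaining hidden parameter into hidden-parameter commands of the same width as the Step 11 example. The USERID and PASSWORD field names, the sample body and both function names are assumptions, and it assumes that sequential hidden-parameter lines are joined into one parameter, as the Step 11 example implies.

```python
"""Added example: turn a captured login POST body into hidden-parameter lines."""


def hidden_parameter_commands(post_body, credential_fields, width=37):
    """Return the hidden-parameter commands for a captured POST body.

    post_body         raw application/x-www-form-urlencoded body, as captured
    credential_fields names of the username and password form fields, which
                      must never be hard-coded into the hidden parameter
    width             characters per command (37 matches the Step 11 example)
    """
    if not post_body or any(c.isspace() for c in post_body):
        raise ValueError("expected one raw, unwrapped form body")
    if width < 1:
        raise ValueError("width must be positive")

    kept, seen = [], set()
    for pair in post_body.split("&"):
        name = pair.split("=", 1)[0]
        if name in credential_fields:
            seen.add(name)       # drop the credential, remember we saw it
        else:
            kept.append(pair)    # keep the percent-encoding byte for byte
    missing = set(credential_fields) - seen
    if missing:
        # A misspelled field name would silently leave a password in the config.
        raise ValueError("credential field(s) not in body: %s" % sorted(missing))

    hidden = "&".join(kept)
    chunks = [hidden[i:i + width] for i in range(0, len(hidden), width)]
    return ["hidden-parameter " + chunk for chunk in chunks]


def reassemble(commands):
    """Join the command arguments back into the single hidden parameter."""
    return "".join(c.split(" ", 1)[1] for c in commands)


# Constructed capture: the USERID and PASSWORD fields are hypothetical.
CAPTURED = ("SMENC=ISO-8859-1&SMLOCALE=US-EN&USERID=anyuser&PASSWORD=constructed"
            "&target=https%3A%2F%2Fwww.example.com%2Femco%2Fappdir%2FAreaRoot.do"
            "%3FEMCOPageCode%3DENG&smauthreason=0")

if __name__ == "__main__":
    for line in hidden_parameter_commands(CAPTURED, {"USERID", "PASSWORD"}):
        print("hostname(config-aaa-server-host)# " + line)
```

Comparing reassemble() output with the hidden fields seen in the capture is a quick check that no line was dropped or mistyped before the commands are entered.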