Contents
liii
Cisco ASA 5500 Series Configuration Guide using the CLI
Gathering HTTP Form Data 74-24
Configuring SSO for Plug-ins 74-28
Configuring SSO with Macro Substitution 74-28
Encoding 74-29
Authenticating with Digital Certificates 74-31
Creating and Applying Clientless SSL VPN Policies for Accessing Resources 74-31
Assigning Users to Group Policies 74-31
Using the Security Appliance Authentication Server 74-31
Using a RADIUS Server 74-31
Using an LDAP Server 74-32
Configuring Connection Profile Attributes for Clientless SSL VPN 74-32
Configuring Group Policy and User Attributes for Clientless SSL VPN 74-33
Configuring Browser Access to Plug-ins 74-34
Preparing the Security Appliance for a Plug-in 74-36
Installing Plug-ins Redistributed By Cisco 74-36
Providing Access to Third-Party Plug-ins 74-38
Configuring and Applying the POST URL 74-39
Providing Access to a Citrix Java Presentation Server 74-40
Preparing the Citrix MetraFrame Server for Clientless SSL VPN Access 74-40
Creating and Installing the Citrix Plug-in 74-40
Viewing the Plug-ins Installed on the Security Appliance 74-41
Why a Microsoft Kerberos Constrained Delegation Solution 74-41
Understanding How KCD Works 74-42
Authentication Flow with KCD 74-43
Before Configuring KCD 74-44
Configuring KCD 74-45
Showing KCD Status Information 74-46
Showing Cached Kerberos Tickets 74-47
Clearing Cached Kerberos Tickets 74-48
Configuring Application Access 74-48
Logging Off Smart TunnelConfiguring Smart Tunnel Access 74-48
About Smart Tunnels 74-49
Why Smart Tunnels? 74-49
Adding Applications to Be Eligible for Smart Tunnel Access 74-51
Assigning a Smart Tunnel List 74-55
Configuring and Applying Smart Tunnel Policy 74-56
Configuring and Applying a Smart Tunnel Tunnel Policy 74-57
Specifying Servers for Smart Tunnel Auto Sign-on 74-58
Adding or Editing a Smart Tunnel Auto Sign-on Server Entry 74-60