Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 SSO Servers

72-59

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter72 Configuring Clientless SSL VPN

SSO Servers

Step5 (Optional) Enter a URL or a comma-delimited list of several URLs to exclude from those that can be

sent to the HTTP proxy server. The string does not have a character limit, but the entire command cannot

exceed 512 characters. You can specify literal URLs or use the following wildcards:

•* to match any string, including slashes (/) and periods (.). You must accompany this wildcard with

an alphanumeric string.

•? to match any single character, including slashes and periods.

•[x-y] to match any single character in the range of x and y, where x represents one character and y

represents another character in the ANSI character set.

•[!x-y] to match any single character that is not in the range.

Step6 (Optional) Enter this keyword to accompany each HTTP proxy request with a username to provide basic,

proxy authentication.

Step7 Enter a password to send to the proxy server with each HTTP request.

Step8 As an alternative to specifying the IP address of the HTTP proxy server, you can choose Specify PAC

file URL to specify a Proxy autoconfiguration file to download to the browser. Once downloaded, the

PAC file uses a JavaScript function to identify a proxy for each URL. Enter http:// and type the URL of

the proxy autoconfiguration file into the adjacent field. If you omit the http:// portion, the ASA ignores

it.

Step9 Choose if you want to use an HTTPS proxy server.

Step10 Click to identify the HTTPS proxy server by its IP address or hostname.

Step11 Enter the hostname or IP address of the external HTTPS proxy server.

Step12 Enter the port that listens for HTTPS requests. The default port is 443.

Step13 (Optional) Enter a URL or a comma-delimited list of several URLs to exclude from those that can be

sent to the HTTPS proxy server. The string does not have a character limit, but the entire command

cannot exceed 512 characters. You can specify literal URLs or use the following wildcards:

•* to match any string, including slashes (/) and periods (.). You must accompany this wildcard with

an alphanumeric string.

•? to match any single character, including slashes and periods.

•[x-y] to match any single character in the range of x and y, where x represents one character and y

represents another character in the ANSI character set.

•[!x-y] to match any single character that is not in the range.

Step14 (Optional) Enter this keyword to accompany each HTTPS proxy request with a username to provide

basic, proxy authentication.

Step15 Enter a password to send to the proxy server with each HTTPS request.

SSO Servers

The SSO Server pane lets you configure or delete single sign-on (SSO) for users of clientless SSL VPN

connecting to a Computer Associates SiteMinder SSO server or to a Security Assertion Markup

Language (SAML), Version 1.1, Browser Post Profile SSO server. SSO support, available only for

clientless SSL VPN, lets users access different secure services on different servers without entering a

username and password more than once.

Cisco Systems SSO Servers