Chapter 12 Configuring AAA Servers and User Accounts
Identifying AAA Server Groups and Servers
–Start URL—Specifies the complete URL of the authenticating web server location where a pre-login cookie can be retrieved. This parameter must be configured only when the authenticating web server loads a pre-login cookie with the login page. A drop-down list offers both HTTP and HTTPS. The maximum number of characters is 1024, and there is no minimum.
–Action URI—Specifies the complete Uniform Resource Identifier for the authentication program on the authorizing web server. The maximum length of the complete URI is 2048 characters.
–Username—Specifies the name of a username parameter—not a specific username—that must be submitted as part of the HTTP form used for SSO authentication. The maximum number of characters is 128, and there is no minimum.
–Password—Specifies the name of a user password parameter—not a specific password value—that must be submitted as part of the HTTP form used for SSO authentication. The maximum number of characters is 128, and there is no minimum.
–Hidden Values—Specifies hidden parameters for the HTTP POST request submitted to the authenticating web server for SSO authentication. This parameter is necessary only when it is expected by the authenticating web server as indicated by its presence in the HTTP POST request. The maximum number of characters is 2048.
–Authentication Cookie Name—(Optional) Specifies the name of the cookie that is set by the server on successful login and that contains the authentication information. It is used to assign a meaningful name to the authentication cookie to help distinguish it from other cookies that the web server may pass back. The maximum number of characters is 128, and there is no minimum.
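The following added example (not part of the ASDM guide or any Cisco tool) checks an HTTP Form SSO definition against the field limits listed above and shows how the Username and Password fields supply parameter names, not values, for the POST body. The dictionary keys, host name, parameter names and the HTTPS check are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Maximum field lengths as stated in the field descriptions above.
LIMITS = {
    "start_url": 1024,
    "action_uri": 2048,
    "username_param": 128,
    "password_param": 128,
    "hidden_values": 2048,
    "auth_cookie_name": 128,
}

def validate(cfg):
    """Return a list of problems found in an HTTP Form SSO definition."""
    problems = []
    for field, limit in LIMITS.items():
        value = cfg.get(field, "")
        if len(value) > limit:
            problems.append(f"{field}: {len(value)} characters exceeds {limit}")
    # The guide says both parameter names must be submitted with the form.
    for field in ("username_param", "password_param"):
        if not cfg.get(field):
            problems.append(f"{field}: missing")
    # Assumption of this example: credentials travel in the POST body and the
    # pre-login cookie in the Start URL response, so cleartext HTTP is flagged.
    for field in ("start_url", "action_uri"):
        if cfg.get(field) and urlsplit(cfg[field]).scheme != "https":
            problems.append(f"{field}: uses http, not https")
    return problems

def build_post_body(cfg, username, password):
    """Parameter names come from the configuration, values from the user."""
    body = urlencode({cfg["username_param"]: username,
                      cfg["password_param"]: password})
    if cfg.get("hidden_values"):
        # Assumed to be entered already in name=value&name=value form.
        body += "&" + cfg["hidden_values"]
    return body

# Constructed sample definition; every value here is hypothetical.
SAMPLE = {
    "start_url": "https://sso.example.com/prelogin",
    "action_uri": "https://sso.example.com/auth/login",
    "username_param": "userid",
    "password_param": "passwd",
    "hidden_values": "app=portal&locale=en",
    "auth_cookie_name": "SSOSESSION",
}
```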
Modes
The following table shows the modes in which this feature is available:
| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System) |
| • | •¹ | • | •¹ | — |
1. HTTP Form and Clientless SSL VPN are supported only in single routed mode.
Test AAA Server
Note: Test AAA Server is not available for HTTP Form authentication servers.
Use the Test button to determine whether the security appliance can contact the selected AAA server. Failure to reach the AAA server may be due to incorrect configuration in ASDM, or the AAA server may be unreachable for other reasons, such as restrictive network configurations or server downtime.
After you complete the fields in this dialog box and click OK, the security appliance sends the applicable test message to the selected server. If the test fails, ASDM displays an error message about the type of error encountered. If the error message suggests a configuration error in ASDM, correct the configuration and try the test again.
ASDM User Guide | OL-12180-01 | 12-19