Cisco FirePOWER ASA 5500 series Configuration Manual page 703

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 37-13
Chapter 37: Configuring WebVPN
Getting Started with WebVPN

- Configure the username parameter (user-parameter).
- Configure the user password parameter (password-parameter).

You might also need to do the following tasks, depending upon the requirements of the authenticating web server:

- Configure a starting URL if the authenticating web server requires a pre-login cookie exchange (start-url).
- Configure any hidden authentication parameters required by the authenticating web server (hidden-parameter).
- Configure the name of an authentication cookie set by the authenticating web server (auth-cookie-name).

Detailed Tasks: Configuring SSO with HTTP Form Protocol

This section presents the detailed tasks required to configure SSO with the HTTP Form protocol.
Perform the following steps to configure the security appliance to use HTTP Form protocol for SSO:

Step 1  If the authenticating web server requires it, enter the start-url command in aaa-server-host configuration mode to specify the URL from which to retrieve a pre-login cookie from the authenticating web server. For example, to specify the authenticating web server URL http://example.com/east/Area.do?Page-Grp1 in the testgrp1 server group with an IP address of 10.0.0.2, enter the following:

hostname(config)# aaa-server testgrp1 host 10.0.0.2
hostname(config-aaa-server-host)# start-url http://example.com/east/Area.do?Page-Grp1
hostname(config-aaa-server-host)#

Step 2  To specify a URI for an authentication program on the authenticating web server, enter the action-uri command in aaa-server-host configuration mode. A URI can be entered on multiple, sequential lines. The maximum number of characters per line is 255. The maximum number of characters for a complete URI is 2048. An example action URI follows:

http://www.example.com/auth/index.html/appdir/authc/forms/MCOlogin.fcc?TYPE=33554433&REALMOID=06-000a1311-a828-1185-ab41-8333b16a0008&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6rB1UV2PxkHqLw%3d%3d&TARGET=https%3A%2F%2Fauth.example.com

To specify this action URI, enter the following commands:

hostname(config-aaa-server-host)# action-uri http://www.example.com/auth/index.htm
hostname(config-aaa-server-host)# action-uri l/appdir/authc/forms/MCOlogin.fcc?TYP
hostname(config-aaa-server-host)# action-uri E=33554433&REALMOID=06-000a1311-a828-1185
hostname(config-aaa-server-host)# action-uri -ab41-8333b16a0008&GUID=&SMAUTHREASON
hostname(config-aaa-server-host)# action-uri =0&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk
hostname(config-aaa-server-host)# action-uri 3DRNwNjk2KcqVCFbIrNT9%2bJ0H0KPshFtg6r
hostname(config-aaa-server-host)# action-uri B1UV2PxkHqLw%3d%3d&TARGET=https%3A%2F
hostname(config-aaa-server-host)# action-uri %2Fauth.example.com
hostname(config-aaa-server-host)#

Note  You must include the hostname and protocol in the action URI. In the preceding example, these appear at the start of the URI in http://www.example.com.

Step 3  To configure a username parameter for the HTTP POST request, enter the user-parameter command in aaa-server-host configuration mode. For example, the following command configures the username parameter userid:

hostname(config-aaa-server-host)# user-parameter userid
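
An added example, not part of the Cisco guide: a Python helper that splits a complete action URI into sequential action-uri commands within the limits given in Step 2, and checks pasted commands by reassembling them and comparing the result with the intended URI. The function names are hypothetical, and it assumes the 255-character limit covers the whole command, keyword included.

```python
import re
from urllib.parse import urlsplit

MAX_LINE = 255   # per-line character limit stated in the guide
MAX_URI = 2048   # complete-URI character limit stated in the guide
KEYWORD = "action-uri "
# Assumption: the 255 limit applies to the whole command, keyword included.
DEFAULT_CHUNK = MAX_LINE - len(KEYWORD)

def action_uri_commands(uri, chunk=DEFAULT_CHUNK):
    """Split a complete action URI into sequential action-uri commands."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("action URI must include the protocol and hostname")
    if len(uri) > MAX_URI:
        raise ValueError(f"URI is {len(uri)} characters; the limit is {MAX_URI}")
    if re.search(r"\s", uri):
        raise ValueError("URI contains whitespace; percent-encode it first")
    if not 1 <= chunk <= DEFAULT_CHUNK:
        raise ValueError(f"chunk must be between 1 and {DEFAULT_CHUNK}")
    return [KEYWORD + uri[i:i + chunk] for i in range(0, len(uri), chunk)]

def reassemble(lines):
    """Rebuild the URI from pasted CLI lines, with or without a prompt."""
    pattern = re.compile(r"^(?:\S+#\s*)?action-uri\s+(\S+)$")
    matches = (pattern.match(line.strip()) for line in lines)
    return "".join(m.group(1) for m in matches if m)

def first_mismatch(intended, lines):
    """Return the offset where the entered lines diverge, or -1 if they match."""
    got = reassemble(lines)
    if got == intended:
        return -1
    for i, (a, b) in enumerate(zip(intended, got)):
        if a != b:
            return i
    return min(len(intended), len(got))

# The example action URI from this page.
URI = ("http://www.example.com/auth/index.html/appdir/authc/forms/MCOlogin.fcc"
       "?TYPE=33554433&REALMOID=06-000a1311-a828-1185-ab41-8333b16a0008&GUID="
       "&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5FZmjnk3DRNwNjk2KcqVCFbIrNT9"
       "%2bJ0H0KPshFtg6rB1UV2PxkHqLw%3d%3d&TARGET=https%3A%2F%2Fauth.example.com")

if __name__ == "__main__":
    for cmd in action_uri_commands(URI, chunk=37):
        print("hostname(config-aaa-server-host)# " + cmd)
```

Running first_mismatch against the lines actually entered on the appliance catches characters dropped at a line boundary before the authenticating web server silently rejects the form post.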

This manual is also suitable for: PIX 500 series, Cisco ASA 5500 series