Authenticating With Digital Certificates - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Creating and Applying WebVPN Policies
hostname(config-aaa-server-host)#
To configure a user password parameter for the HTTP POST request, use the password-parameter
Step 4
command in aaa-server-host configuration mode. For example, the following command configures a user
password parameter named user_password:
hostname(config-aaa-server-host)# password-parameter user_password
hostname(config-aaa-server-host)#
Step 5
To specify hidden parameters for exchange with the authenticating web server, use the
hidden-parameter command in aaa-server-host configuration mode. An example hidden parameter
excerpted from a POST request follows:
SMENC=ISO-8859-1&SMLOCALE=US-EN&target=https%3A%2F%2Fwww.example.com%2Femco
%2Fappdir%2FAreaRoot.do%3FEMCOPageCode%3DENG&smauthreason=0
This hidden parameter includes four form entries and their values, separated by &. The four entries and
their values are:
•
•
•
•
To specify this hidden parameter, enter the following commands:
hostname(config)# aaa-server testgrp1 host example.com
hostname(config-aaa-server-host)# hidden-parameter SMENC=ISO-8859-1&SMLOCALE=US-EN&targe
hostname(config-aaa-server-host)# hidden-parameter t=https%3A%2F%2Fwww.example.com%2Femc
hostname(config-aaa-server-host)# hidden-parameter o%2Fappdir%2FAreaRoot.do%3FEMCOPageCo
hostname(config-aaa-server-host)# hidden-parameter de%3DENG&smauthreason=0
hostname(config-aaa-server-host)#
Step 6
To specify the name for the authentication cookie, enter the auth-cookie-name command in
aaa-server-host configuration mode. This command is optional. The following example specifies the
authentication cookie name of SsoAuthCookie:
hostname(config-aaa-server-host)# auth-cookie-name SsoAuthCookie
hostname(config-aaa-server-host)#
Authenticating with Digital Certificates
WebVPN users that authenticate using digital certificates do not use global authentication and
authorization settings. Instead, they use an authorization server to authenticate once the certificate
validation occurs. For more information on authentication and authorization using digital certificates,
see
Database" chapter.
Creating and Applying WebVPN Policies
Creating and applying WebVPN policies that govern access to resources at the central site includes the
following tasks:
Cisco Security Appliance Command Line Configuration Guide
37-14
SMENC with a value of ISO-8859-1
SMLOCALE with a value of US-EN
target with a value of https%3A%2F%2Fwww.example.com%2Femco%2Fappdir%2FAreaRoot.do
%3FEMCOPageCode%3DENG
smauthreason with a value of 0
"Using Certificates and User Login
Credentials" in the
"Configuring AAA Servers and the Local
Chapter 37
Configuring WebVPN
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
