Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring Application Helper
Detailed Steps
Step 1 Navigate to Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection Profiles > Add or Edit > Advanced > General > Password Management.
Step 2 Click the Enable password management option.
Adding the Cisco Authentication Scheme to SiteMinder
In addition to configuring the ASA for SSO with SiteMinder, you must also configure your CA
SiteMinder Policy Server with the Cisco authentication scheme, a Java plug-in you download from the
Cisco web site.
Prerequisites
Configuring the SiteMinder Policy Server requires experience with SiteMinder.
Detailed Steps
This section presents general tasks, not a complete procedure. To configure the Cisco authentication
scheme on your SiteMinder Policy Server, perform the following steps:
Step 1 With the SiteMinder Administration utility, create a custom authentication scheme, being sure to use the
following specific arguments:
• In the Library field, enter smjavaapi.
• In the Secret field, enter the same secret configured on the ASA.
You configure the secret on the ASA using the policy-server-secret command at the command line
interface.
• In the Parameter field, enter CiscoAuthApi.
Step 2 Using your Cisco.com login, download the file cisco_vpn_auth.jar from
http://www.cisco.com/cisco/software/navigator.html and copy it to the default library directory for the
SiteMinder server. This .jar file is also available on the Cisco ASA CD.
Configuring the SAML POST SSO Server
Use the SAML server documentation provided by the server software vendor to configure the SAML
server in Relying Party mode. The following steps list the specific parameters required to configure the
SAML Server for Browser Post Profile:
Detailed Steps
Step 1 Configure the SAML server parameters to represent the asserting party (the ASA):
• Recipient consumer URL (same as the assertion consumer URL configured on the ASA)
• Issuer ID, a string, usually the hostname of the appliance
• Profile type: Browser Post Profile
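The following check is an added example, not part of the Cisco guide: it compares the asserting-party values entered on the SAML server with the SAML POST SSO server block in an ASA CLI configuration, so a mismatch is found before users hit a failed sign-on. The configuration fragment, the dictionary keys, and all values are constructed placeholders, and the script assumes the SAML server compares these strings exactly.

```python
import re

# Constructed sample: ASA CLI fragment for a SAML POST SSO server (placeholder values).
ASA_CONFIG = """\
webvpn
 sso-server sample type SAML-V1.1-post
  assertion-consumer-url https://saml.example.com/consumer
  issuer asa1.example.com
  trustpoint mytrustpoint
"""

# Constructed sample: values entered on the SAML server for the asserting party (the ASA).
SAML_SERVER = {
    "recipient_consumer_url": "https://saml.example.com/Consumer/",
    "issuer_id": "asa1.example.com",
    "profile_type": "Browser Post Profile",
}
KEYWORDS = ("assertion-consumer-url", "issuer", "trustpoint")

def parse_asa_saml(config):
    """Return {server_name: {keyword: value}} for each SAML POST sso-server block."""
    servers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"\s*sso-server\s+(\S+)\s+type\s+(\S+)", line)
        if m:
            is_saml = m.group(2).lower() == "saml-v1.1-post"
            current = servers.setdefault(m.group(1), {}) if is_saml else None
            continue
        if not line.startswith("  "):  # left the sso-server sub-mode
            current = None
            continue
        parts = line.split(None, 1)
        if current is not None and len(parts) == 2 and parts[0] in KEYWORDS:
            current[parts[0]] = parts[1].strip()
    return servers

def compare(asa, saml):
    """List every asserting-party parameter that does not match the ASA side."""
    findings = []
    pairs = (("assertion-consumer-url", "recipient_consumer_url"), ("issuer", "issuer_id"))
    for asa_key, saml_key in pairs:
        a, s = asa.get(asa_key), saml.get(saml_key)
        if a is None or s is None:
            findings.append(f"{asa_key}: missing on one side")
        elif a != s:
            near = a.rstrip("/").lower() == s.rstrip("/").lower()
            hint = " (differs only by case or trailing slash)" if near else ""
            findings.append(f"{asa_key}: ASA {a!r} != SAML server {s!r}{hint}")
    if saml.get("profile_type") != "Browser Post Profile":
        findings.append("profile_type: expected 'Browser Post Profile'")
    return findings
```

Calling `compare(parse_asa_saml(ASA_CONFIG)["sample"], SAML_SERVER)` on the constructed data reports the consumer URL mismatch and nothing else.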