Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 38 Clientless SSL VPN
SSO Servers
SAML POST SSO Server Configuration
Use the SAML server documentation provided by the server software vendor to configure the SAML
server in Relying Party mode. The following steps list the values required to configure the SAML Server
for Browser Post Profile:
Step 1 Configure the SAML server parameters to represent the asserting party (the security appliance):
  • Recipient consumer (Web Agent) URL (same as the assertion consumer URL configured on the ASA)
  • Issuer ID, a string, usually the hostname of the appliance
  • Profile type - Browser Post Profile
Step 2 Configure certificates.
Step 3 Specify that asserting party assertions must be signed.
Step 4 Select how the SAML server identifies the user:
  • Subject Name Type is DN
  • Subject Name format is uid=<user>
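The following Python check is an added example, not part of the Cisco guide or of any vendor tool. It compares a captured Browser Post Profile response against the values listed in Steps 1 to 4. It assumes SAML 1.1 element names and namespaces; the function name check_response, the sample URL, the hostname and the user are constructed for illustration, and the signature test only confirms that a Signature element is present, it does not verify it cryptographically.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 1.1 namespaces (Browser Post Profile) and XML-DSig.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: URL, hostname and user are placeholders, and the
# empty Signature element stands in for a real signature.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Recipient="https://sso.example.com/consumer">
  <saml:Assertion Issuer="asa.example.com">
    <saml:AuthenticationStatement>
      <saml:Subject><saml:NameIdentifier>uid=jdoe</saml:NameIdentifier></saml:Subject>
    </saml:AuthenticationStatement>
    <ds:Signature/>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, consumer_url, issuer_id):
    """Return mismatches against the Step 1-4 values (empty list = consistent)."""
    problems = []
    root = ET.fromstring(xml_text)
    # Step 1: Recipient must equal the assertion consumer URL.
    if root.get("Recipient") != consumer_url:
        problems.append("Recipient does not match the assertion consumer URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    # Step 1: Issuer ID, usually the appliance hostname.
    if assertion.get("Issuer") != issuer_id:
        problems.append("Issuer ID mismatch")
    # Step 3: presence check only, not cryptographic verification.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    # Step 4: subject name must have the form uid=<user>.
    name = assertion.find(".//saml:Subject/saml:NameIdentifier", NS)
    value = (name.text or "").strip() if name is not None else ""
    if not (value.startswith("uid=") and len(value) > 4):
        problems.append("subject is not in uid=<user> form")
    return problems
```

An empty result means the response is consistent with the listed values; the relying party must still validate the signature against the certificate configured in Step 2.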
Adding the Cisco Authentication Scheme to SiteMinder
Besides configuring the security appliance for SSO with SiteMinder, you must also configure your CA
SiteMinder Policy Server with the Cisco authentication scheme, provided as a Java plug-in.
Note Configuring the SiteMinder Policy Server requires experience with SiteMinder.
This section presents general tasks, not a complete procedure.
Refer to the CA SiteMinder documentation for the complete procedure for adding a custom
authentication scheme.
To configure the Cisco authentication scheme on your SiteMinder Policy Server, perform the following
tasks:
Step 1 With the SiteMinder Administration utility, create a custom authentication scheme, being sure to use the following specific arguments:
  • In the Library field, enter smjavaapi.
  • In the Secret field, enter the same secret configured in the Secret Key field of the Add SSO Server dialog to follow.
  • In the Parameter field, enter CiscoAuthApi.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——