Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

14-17

Cisco ASDM User Guide

OL-16647-01

Chapter 14 Configuring AAA Servers and the Local Database

Configuring AAA Server Groups

HTTP Form Server Fields

This area appears only when the selected server group uses HTTP Form, and only the server group name

and the protocol are visible. Other fields are not available when using HTTP Form.

If you do not know what the following parameters are, use an HTTP header analyzer to extract the data

from the HTTP GET and POST exchanges when logging into the authenticating web server directly, not

through the security appliancee. See the Cisco Security Appliance Command Line Configuration Guide,

for more detail on extracting these parameters from the HTTP exchanges.

The following table describes the unique fields for configuring HTTP Form servers, for use with the

“Adding a Server to a Group” section on page 14-10.

Group Base DN Used only for Active Directory servers using LDAP protocol. This DN

specifies the location in the LDAP hierarchy to begin searching for the

AD groups. That is, the list of memberOf enumerations. If this field is

not configured, the security applicance uses the Base DN for AD

group retrieval.

ASDM uses the list of retrieved AD groups to define AAA selection

criterion for dynamic access policies. For more information, see the

show ad-groups command in CLI Command Reference Guide.

Group Search Timeout Specifies the maximum time to wait for a response from an Active

Directory server queried for available groups.

Field Description

Field Description

Start URL The complete URL of the authenticating web server location where a

pre-login cookie can be retrieved. This parameter must be configured

only when the authenticating web server loads a pre-login cookie with

the login page. A drop-down list offers both HTTP and HTTPS. The

maximum number of characters is 1024, and there is no minimum.

Action URI The complete Uniform Resource Identifier for the authentication

program on the authorizing web server. The maximum number of

characters for the complete URI is 2048 characters.

Username The name of a username parameter—not a specific username—that

must be submitted as part of the HTTP form used for SSO

authentication. The maximum number of characters is 128, and there

is no minimum.

Password The name of a user password parameter—not a specific password

value—that must be submitted as part of the HTTP form used for SSO

authentication. The maximum number of characters is 128, and there

is no minimum.

previous next