Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
Add or Edit Single Sign On Server Dialog Boxes
Note: The SAML Browser Artifact profile method of exchanging assertions is not supported.
Navigation Path
Select Single Sign On Servers in the Policy Object Manager, page 6-4. Right-click inside the work area
and select New Object or right-click a row and select Edit Object.
You can also create the object when configuring an ASA user group object for SSL VPN (see ASA Group
Policies SSL VPN Settings, page 33-17).
Field Reference
Table 33-20 Add or Edit Single Sign-On Server Dialog Box
Element: Description

Name: The object name, which must be 4 to 31 characters. Object names are not case-sensitive. For more information, see Creating Policy Objects, page 6-9.

Description: An optional description of the object.

Authentication Type: The type of SSO server to use with clientless SSL VPN connections. The other attributes on the page change based on your selection.
- SiteMinder—Computer Associates SiteMinder SSO server.
- SAML POST—Security Assertion Markup Language (SAML) Browser Post Profile server.

URL (SiteMinder only.): The URL of the SiteMinder SSO server to which the security appliance makes authentication requests. Select whether to use HTTP or HTTPS and enter the URL.
Tip: For HTTPS communication, make sure that the SSL encryption settings match on both the security appliance and the SiteMinder server. On the security appliance, you can verify this with the ssl encryption command.

Secret Key, Confirm (SiteMinder only.): The key used to encrypt authentication communications with the SiteMinder server, if any. The key can contain any alphanumeric characters. There is no minimum or maximum number of characters. Enter the same key in both fields.
Tip: If you enter a secret key, you must configure the same key in the SiteMinder server using the Cisco Java plug-in authentication scheme.

Assertion URL (SAML POST only.): The URL for the SAML-type SSO assertion consumer service. Select whether to use HTTP or HTTPS and enter the URL, which must be fewer than 255 characters.

Assertion Issuer (SAML POST only.): The name of the security device that is sending assertions to a SAML-type SSO server. This is usually the name of the security appliance, for example, asa.example.com. The name must be fewer than 65 characters.
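
The limits in Table 33-20 can be checked before objects are entered or imported. The following is an added example, not code from Cisco or from this guide: it assumes each SSO server object is held as a Python dictionary with hypothetical key names (name, auth_type, url, secret_key, secret_key_confirm, assertion_url, assertion_issuer), and its HTTP advisory is an added check rather than a rule from the table.

```python
from urllib.parse import urlsplit

# Hypothetical dictionary keys; the limits are the ones stated in Table 33-20.
AUTH_TYPES = {"SiteMinder", "SAML POST"}


def _check_url(label, value, findings, max_len=None):
    parts = urlsplit(value or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        findings.append(f"{label}: must be an HTTP or HTTPS URL")
        return
    if max_len is not None and len(value) >= max_len:
        findings.append(f"{label}: must be fewer than {max_len} characters")
    if parts.scheme == "http":
        # Added advisory, not a rule from the manual.
        findings.append(f"{label}: advisory, HTTP carries SSO traffic unencrypted")


def validate_sso_server(obj):
    """Return a list of findings for one SSO server object (empty means clean)."""
    findings = []
    if not 4 <= len(obj.get("name", "")) <= 31:
        findings.append("Name: must be 4 to 31 characters")
    auth = obj.get("auth_type")
    if auth not in AUTH_TYPES:
        findings.append("Authentication Type: must be SiteMinder or SAML POST")
    elif auth == "SiteMinder":
        _check_url("URL", obj.get("url"), findings)
        # The key is optional, but both fields must hold the same value.
        if obj.get("secret_key", "") != obj.get("secret_key_confirm", ""):
            findings.append("Secret Key: Confirm field does not match")
    else:  # SAML POST
        _check_url("Assertion URL", obj.get("assertion_url"), findings, max_len=255)
        if len(obj.get("assertion_issuer", "")) >= 65:
            findings.append("Assertion Issuer: must be fewer than 65 characters")
    return findings


def find_name_collisions(objects):
    """Object names are not case-sensitive, so 'SSO-Main' and 'sso-main' collide."""
    seen, dupes = {}, []
    for obj in objects:
        name = obj.get("name", "")
        if name.lower() in seen:
            dupes.append((seen[name.lower()], name))
        else:
            seen[name.lower()] = name
    return dupes
```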