https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4037275#M1067114 <P>Hi All,</P><P>&nbsp;</P><P>Could someone share the sample configuration template for integration of saml2.0 with asafw</P><P>and what certificates are reqd and how to install ?</P><P>We're using authentication via LDAP as of now and looking forward to integrate with P'fed'te.</P><P>Would like to know whether to select SP initiated or Idp Initiated SSO ?</P><P>We're using anyconnectvpn at the moment.</P><P>&nbsp;</P><P>regards</P><P>SecIT</P> Sun, 01 Mar 2020 15:10:40 GMT secureIT 2020-03-01T15:10:40Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4037275#M1067114 <P>Hi All,</P><P>&nbsp;</P><P>Could someone share the sample configuration template for integration of saml2.0 with asafw</P><P>and what certificates are reqd and how to install ?</P><P>We're using authentication via LDAP as of now and looking forward to integrate with P'fed'te.</P><P>Would like to know whether to select SP initiated or Idp Initiated SSO ?</P><P>We're using anyconnectvpn at the moment.</P><P>&nbsp;</P><P>regards</P><P>SecIT</P> Sun, 01 Mar 2020 15:10:40 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4037275#M1067114 secureIT 2020-03-01T15:10:40Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4038216#M1067176 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp;The mode depends on the traffic flow you want, in the end you can have one or both:if the user authenticates agains the IdP, you configure IdP on the ASA, if the user authenticates against the ASA, you configure SP on the ASA. In both cases, you need to import the certificate chain of the IdP on the ASA. If you do it from ASDM, it's pretty intuitive, if you do it form CLI, here's the guideline:</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/webvpn-configure-users.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/webvpn-configure-users.html</A></P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Sun, 01 Mar 2020 16:31:06 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4038216#M1067176 Cristian Matei 2020-03-01T16:31:06Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4038314#M1067180 <P>Thanks a lot Cristian.<BR />Would you please give me ASDM procedure.<BR />The user shall be authenticates against Idp.</P><P>Whether to import the Idp certificate under Device Mgmt&gt;CA certificate ?</P><P>or&nbsp;</P><P>Configuration -&gt; Remote Access VPN -&gt; Certificate Management -&gt; Identity certificates ?</P> Mon, 02 Mar 2020 03:42:36 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4038314#M1067180 secureIT 2020-03-02T03:42:36Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4039967#M1067283 <PRE>Could someone please advise..</PRE> Wed, 04 Mar 2020 08:31:56 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4039967#M1067283 secureIT 2020-03-04T08:31:56Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4039997#M1067290 <P>Hi,</P><P>&nbsp; &nbsp;&nbsp;</P><P>&nbsp; &nbsp;Here's your configuration via ASDM:</P><P>&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/asdm78/vpn/asdm-78-vpn-config/webvpn-configure-users.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/asdm78/vpn/asdm-78-vpn-config/webvpn-configure-users.html</A></P><P>&nbsp;</P><P>As for where to import the certificate, it doesn't matter, just configure a regular trustpoint.</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Wed, 04 Mar 2020 09:21:46 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4039997#M1067290 Cristian Matei 2020-03-04T09:21:46Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4040600#M1067366 <P>Thank you Cristian, I shall test and get back to you.</P> Thu, 05 Mar 2020 04:40:45 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4040600#M1067366 secureIT 2020-03-05T04:40:45Z https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4046808#M1067835 <P>Hi,</P><P>&nbsp;</P><P>&nbsp;&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/318853">@secureIT</a>&nbsp;I replied you in private and above as well, to your question.</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Mon, 16 Mar 2020 18:44:58 GMT https://community.cisco.com/t5/network-security/ciscoasa-saml-cfg-asdm/m-p/4046808#M1067835 Cristian Matei 2020-03-16T18:44:58Z