Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7589
Views
0
Helpful
6
Replies

AnyConnect 4.0.x and Single sign on Problems

LudovicDS
Level 1
Level 1

‎05-05-2015 02:32 AM - edited ‎03-10-2019 10:42 PM

Hi Community,

I'm facing issues with anyconnect 4.0 in windows 7 computer. (Anyconnect Secure Mobility Client)

I have configured a file profile "configuration.xml" in attached file (rename in.txt) with Network Access Manager profile Editor and push it to the Client Directory cisco/Cisco AnyConnect Secure Mobility Client/Network Access Manager/System.

 

As you can see in attached file "the single sign on is configured for user credentials"

Nevertheless when the user open his session, a connexion popup (login/password) appears on user's computer side.

Have you already heard about this problem. What should i check? how can i fixe the issue?

 

Thanks you very much for your help.

Best regards

Ludovic

 

1 person had this problem
Labels:
Preview file
10 KB
0 Helpful
6 Replies 6

stsargen
Cisco Employee
Cisco Employee

‎05-11-2015 07:57 AM

Hi Ludovic,

If the NAM client is configured for SSO and the authentication is failing for any reason NAM will prompt you for credentials at the desktop.  I looked over the configuration.xml file and it looks fine.  Are you receiving any errors on your RADIUS server?  If you can upload a DART bundle it may help to identify the issue. 

Thanks,

Steve S.

0 Helpful

LudovicDS
Level 1
Level 1
In response to stsargen

‎05-11-2015 08:11 AM

Hi Steve, here you will find de Customer DART File.

There is no error on Radius Side. Customer is authenticated but needs to enter credential at any time.

Unconfortable for the customer's connection.

Thanks for your help.

 

best regards.

 

Ludovic

dartbundle_0505_1743.zip
0 Helpful

stsargen
Cisco Employee
Cisco Employee
In response to LudovicDS

‎05-11-2015 08:28 AM

Hi Ludovic,

From the logs it looks like you are configured for EAP-Chaining, but the machine portion of the authentication is failing.

The user portion (SSO) is passing as you can see here.

1664: OSAVPLRC4141: mai 05 2015 16:16:04.280 -0100: %NAM-7-DEBUG_MSG: %[tid=5968]: EAP: ...received EapStatusEvent: session-id=1, EAP handle=00AD4D1C, status=AC_EAP_STATUS_INTERMEDIATE_EAP_SUCCESS

 

Then the machine portion of EAP-Chaining fails.

1781: OSAVPLRC4141: mai 05 2015 16:16:04.484 -0100: %NAM-7-DEBUG_MSG: %[tid=5968]: handleEventAndDoStateTransitionAction action : ACTION_AUTH_FAIL

Does the SSO user auth work if EAP-Chaining is not configured in ISE?

You may also want totry the latest 4.1 client that was released to CCO last week.  We did have a few fixes for EAP-FAST authentication.  You might be hitting one of these issues.

Thanks,

Steve S.

 

 

Thanks,

Steve S.

0 Helpful

LudovicDS
Level 1
Level 1
In response to stsargen

‎05-11-2015 08:46 AM

Steve, pehaps it's not the googd DART file but EAP Chaining is running. The only problem is SSO.

I will try to upgrade AnyConnect to 4.1 and will tell you back if it fixed the issue.

Best regards.

Ludovic

0 Helpful

CCertified85
Level 1
Level 1
In response to LudovicDS

‎07-04-2018 11:54 AM

i am having same problem in anyconnect NAM v 4.5 .530

 

Does anybody have a fix ?

0 Helpful

stsargen
Cisco Employee
Cisco Employee
In response to CCertified85

‎07-17-2018 11:24 AM

Do you have any logs for the failed connection attempts?

0 Helpful
Customers Also Viewed These Support Documents