Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8280
Views
0
Helpful
6
Replies

Cisco Anyconnect SAML- authentication failed due to navigation timeout

Go to solution
jniravel
Level 1
Level 1

‎08-23-2022 05:07 AM - edited ‎08-23-2022 05:12 AM

 

Cisco AnyConnect not able to login via SAML integration. The login is successful when using the browser through the outside interface domain but while using client VPN, there is timeout after blank screen. How to fix this?

Preview file
82 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-23-2022 08:25 AM

This would normally indicate that the url sign-in that is in the webvpn section of your ASA configuration is referencing a URL that is not resolvable by or responding to the AnyConnect client.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-23-2022 08:25 AM

This would normally indicate that the url sign-in that is in the webvpn section of your ASA configuration is referencing a URL that is not resolvable by or responding to the AnyConnect client.

0 Helpful

Go to solution
jniravel
Level 1
Level 1
In response to Marvin Rhoads

‎08-23-2022 09:02 AM

@Marvin Rhoads : When I try to hit the outside URL on browser, I am able to authenticate through Okta with the same profile and download the AnyConnect client.
This issue occurs while using the VPN client.  

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jniravel

‎08-23-2022 09:35 AM

What is your AnyConnect version?

0 Helpful

Go to solution
jniravel
Level 1
Level 1
In response to Marvin Rhoads

‎08-23-2022 09:48 AM

Version is 4.10.05111

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jniravel

‎08-23-2022 10:18 AM - edited ‎08-23-2022 10:18 AM

Your version checks out OK then. It should be compatible with SAML authentication.

Troubleshooting at this point can be tricky. However if you are handy with reading debugs you can use Fiddler to capture the https traffic and provide the certificate so that you can decode it to see what is being sent and why the reply is sending that error code.

https://docs.telerik.com/fiddler/configure-fiddler/tasks/decrypthttps

0 Helpful

Go to solution
Serpent2010
Level 1
Level 1
In response to Marvin Rhoads

‎10-06-2022 08:24 PM

Hello,

I have some users getting extremely slowness when clicking on cisco AnyConnect to get SAML authentication. it took them 7 minutes to complete the authentication process but after getting connected everything is normal and no asp drop. 

The odd this delay is occurring to some users not all of them for the same tunnel group,

The SAML metadata is matching with any other tunnel group that has no issue

Any idea?

Thanks 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card