02-27-2020 07:46 PM - edited 03-01-2020 07:10 AM
Hi All,
Could someone share a sample configuration template for integrating SAML 2.0 with the ASA FW,
and say which certificates are required and how to install them?
We're using authentication via LDAP as of now and looking forward to integrating with P'fed'te.
We would like to know whether to select SP-initiated or IdP-initiated SSO.
We're using AnyConnect VPN at the moment.
regards
SecIT
03-01-2020 08:31 AM
Hi,
The mode depends on the traffic flow you want; in the end you can have one or both: if the user authenticates against the IdP, you configure IdP on the ASA; if the user authenticates against the ASA, you configure SP on the ASA. In both cases, you need to import the certificate chain of the IdP on the ASA. If you do it from ASDM, it's pretty intuitive; if you do it from CLI, here's the guideline:
Regards,
Cristian Matei.
03-01-2020 07:30 PM - edited 03-01-2020 07:42 PM
Thanks a lot Cristian.
Would you please give me the ASDM procedure?
The user shall be authenticated against the IdP.
Should I import the IdP certificate under Device Mgmt > CA certificate?
or
Configuration -> Remote Access VPN -> Certificate Management -> Identity certificates ?
03-04-2020 01:21 AM
Hi,
Here's your configuration via ASDM:
As for where to import the certificate, it doesn't matter, just configure a regular trustpoint.
Regards,
Cristian Matei.
03-04-2020 08:40 PM
Thank you Cristian, I shall test and get back to you.
03-04-2020 12:31 AM
Could someone please advise..
03-16-2020 11:44 AM