We have been trying to make this work and so far have not been successful.
We can get the metadata from the SAML group, but when the SAML IdP authenticates, the VPN AnyConnect client comes back to the login window with a "login failed".
On the debug we see no proper establishment.
If I am correct, on the Connection Profile (ASA 9.14.3) we select as AAA SAML and then AAA Server our LDAP or LOCAL and then use authorization for LDAP?
I guess SAML is not working properly since on the debug we don't get acknowledged.
I've done the same, but with a newer ASA release. AAA is not involved. See configuration documentation.