cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1347
Views
0
Helpful
1
Replies

Clientless SSL VPN SSO (KCD & RSA)

brettmilborrow
Level 1
Level 1

Hi All,

Trying to setup a clientless SSL portal that uses RSA tokens for authentication and provides access to two resouces. OWA and CIFS file shares.

The AD environment uses smartcards for authentication and has hybrid user settings swtiched off, i.e the user is not able to type their passwords into any request for domain level access.

The SSL portal will use RSA tokens for auth, then use KCD to obtain kerberos tickets for access to the resources that the user may need. So far I can get the OWA access to work without the user typing in a password to access OWA (this is confirmed by checking the kerberos debugs on the ASA), however it seems that the ASA does not use the KCD to obtain a ticket for the CIFS access and the user is prompted for credentials when attemtping to access the CIFS shares.

Does anyone know if this is possible?

1 Reply 1

brettmilborrow
Level 1
Level 1

Got confirmation from Cisco DEV that this is not supportted currently.

This is the bug id that has been raised from our discussion with TAC:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCua57799

We are now looking at providing an HTTP interface to the CIFS shares and pointing the ASA WEBVPN at that!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: