Clientless VPN and SAML authentication with Azure

Hello,

 

I'm testing SAML authentication using Azure AD as the IdP and the ASA as the SP. Login works fine, but the logout fails because the ASA is sending the wrong URL.

Although I've configured the valid URL:

url sign-out https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0

Looking at the requests performed by the browser during the logout, the URL requested is:

https://login.microsoftonline.com/common/wsfederationwa=wsignout1.0 without the '?', so the browser receives a not found error from the server.

 

Does anyone have this working with Azure?

 

Regards.

Re: Clientless VPN and SAML authentication with Azure

Good morning Antonio, I'm looking at this configuration for a client who's looking to add Azure as an IdP against their currently deployed ASAs. Could you forward any reference documentation you found for this design? Everything I've discovered so far references either using an on-prem MFA server or the NPS extension.

 

Any pointers would be greatly appreciated. 

Re: Clientless VPN and SAML authentication with Azure

Hello,

 

I followed the two references below from MS and Cisco. Anyway, I hopefully plan to blog the whole process shortly. I'll update the post once I post it.

 

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/webvpn-configure-users.html

 

Good luck!