Solved: AnyConnect clientless and SAML

kpo · ‎09-26-2017

I have a problem with Anyconnect clientless configuration with SAML. I have correctly configured ConnectionProfile, GroupPolicies and SAML Identity Provider. My Identity Provider is a simpleSAMLphp script.

At logon I am redirected to the AnyConnect login page, and in the ASDM log I get an error:

Failed to consume SAML assertion. Reason: The identifier of a provider is unknown to #LassoServer. To register a provider in a #LassoServer object, you must use the lasso_server_add_provider () or lasso_server_add_provider_from_buffer () methods.

Regards

Chris

kpo · ‎04-04-2018

Hi, I made a factory reset and configured from scratch, it works correctly, It works correctly from Cisco Adaptive Security Appliance Software Version 9.9(1)4

View solution in original post

Flavio Miranda · ‎09-28-2017

Hi,

Have you tried to do what it asks:

lasso_server_add_provider ()

lasso_error_t
lasso_server_add_provider (LassoServer *server,
                           LassoProviderRole role,
                           const gchar *metadata,
                           const gchar *public_key,
                           const gchar *ca_cert_chain)

javier.negro · ‎11-25-2017

Those aren't Cisco ASA commands. I suppose that is something Cisco developers would have to do. Cisco documentation isn't very helpful about stating what format the SAML assertion needs to have...

CSCJD · ‎03-29-2018

Were you able to find a resolution to this issue?

kpo · ‎04-04-2018

Hi, I made a factory reset and configured from scratch, it works correctly, It works correctly from Cisco Adaptive Security Appliance Software Version 9.9(1)4