Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6301
Views
5
Helpful
4
Replies

Anyconnect SAML Browser Minimised, how to configure the built in browser?

James Vale
Level 1
Level 1

‎05-23-2019 02:47 AM - edited ‎02-21-2020 09:39 PM

Hi guys.

I have a couple of ASAs I have inherited after the last guy left.

When connecting Anyconnect to one of them the SAML authetication window opens in a dedicated window

When connecting to the other the SAML authentication opens in the OS Default browser, usually minimised and generally anoys my users.

 

I have hunted high and low but cant find the setting to change this anywhere.   The client profiles are identical on each unit.

 

Can someone point me in the right direction please?

 

Thanks

J

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Tarik Admani
VIP Alumni
VIP Alumni

‎04-03-2020 01:18 PM

Hi - did you resolve your issue, running into the same issue here as well.

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Tarik Admani

‎04-04-2020 03:56 AM

Hi,

 

   Do you run different version of ASA and Anyconnect? The SAML behaviour, using system defined or embedded browser is different based on the versions used.

 

Regards,

Cristian Matei.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Cristian Matei

‎04-06-2020 12:34 PM

Same version of anyconnect - different versions of ASA, was wondering if we can set the external browser versus the thin browser.

0 Helpful

Gustavo Medina
Cisco Employee
Cisco Employee
In response to Tarik Admani

‎04-06-2020 01:01 PM

Hi,

 

SAML 2.0 with a native (external) browser is available in AnyConnect 4.4 and AnyConnect 4.5 and ASA release 9.7.x, 9.8.x, and 9.9.1. The new enhanced version with embedded browser requires you to upgrade to AnyConnect 4.6 and ASA 9.7.1.24 (or later), 9.8.2.28 (or later), or 9.9.2.1 (or later).

When upgrading or deploying the headend or client devices with the embedded browser SAML integration, take note of these scenarios:

  • If you deploy AnyConnect 4.6 first, both the native (external) browser and the embedded browser SAML integration function as expected without further action. AnyConnect 4.6 supports either an existing or updated ASA version, even when you deploy AnyConnect first.

  • If you deploy the updated ASA version (with the embedded browser SAML integration) first, you must in turn upgrade AnyConnect, because, by default, the updated ASA releases are not backward compatible with the native (external) browser SAML integration in releases prior to AnyConnect 4.6. The upgrade for any existing AnyConnect 4.4 or 4.5 clients occurs after authentication and requires you to enable the saml external-browser command in tunnel group configuration.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/administration/guide/b_AnyConnect_Administrator_Guide_4-6/configure-vpn.html

 

Regards,

Gustavo

Customers Also Viewed These Support Documents