Cisco Anyconnect integration with AZURE SAML

cammy.busto · ‎06-29-2021

Hi,

Is anyone can help me regarding the error encountered when connecting to Anyconnect? I have an integrated AZURE SAML w/ Cisco ASA for authentication.

Here's my configuration

webvpn
saml idp https://sts.windows.net/x/ - [Azure AD Identifier]
url sign-in https://login.microsoftonline.com/x - [Login URL]
url sign-out https://login.microsoftonline.com/x – Logout URL
trustpoint idp AzureAD-AC-SAML
trustpoint sp ASDM-Trustpoint0
no force re-authentication
no signature
base-url https://0.0.0.0

I just want to confirm if the trustpoint sp ASDM-Trustpoint0 must be a public signed certificate? I'm getting error when redirecting to microsoft via Anyconnect.

This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

The website’s security certificate is not secure.

Error Code: 0

Appreciate your help. Thank you.

RCGTesta · ‎10-10-2022

Same error here. It seems that need a public certificate. If you install selfsigned certificate the connection is successfully

Aref Alsouqi · ‎10-10-2022

The certificate you download from Azure and you import into FMC will be used to establish a trust relationship between the FTD and Azure (IdP). On that certificate enrolment you would need to select "skip check for CA flag".