Clientless VPN with SAML

fhk-cwempe
Level 1

Hello,

I successfully configured a Tunnel-Group to use SAML with Cisco Secure Client (aka AnyConnect).

Now I want to enable SAML on the DefaultWEBVPNGroup.
This works for the VPN-Client.

But when I open the ASA website in my browser and log in via SAML, I cannot reach the correct website.
First I get a "you have been logged out" page and then I get stuck in a SAML-login loop.

(Same for the other Tunnel-Group)

But I want to reach the site where the user can download the VPN client.

What am I doing wrong?
Do I need to enable some special option?
Or is my SAML configuration wrong?

Accepted Solutions

fhk-cwempe
Level 1

I found the issue myself.

There was some kind of caching problem in my browser.
Deleting all browser data fixed the issue.

Thank you anyway.

5 Replies

zeuscyril
Level 4

Can you share the details, like the ASA model and version, and which SAML provider you are using?

Sure.

Hardware: FPR-1140
Cisco Adaptive Security Appliance Software Version 9.18(4)22

SAML Provider is OpenText NetIQ Advanced Authentication.

zeuscyril
Level 4

Hi

You can follow this link for reference. This is for Okta; I think this will help you. This particular configuration works in Okta perfectly. Please have a look.

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Cisco-ASA-VPN.html

 

zeuscyril
Level 4

Cisco announced the below, but you can try once with the given reference before.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/asdm716/vpn/asdm-716-vpn-config/webvpn-configure-users.html

Cisco announces the feature deprecation for Clientless SSL VPN effective with ASA version 9.17(1). Limited support will continue on releases prior to 9.17(1). Further guidance will be provided regarding migration options to more robust and modern solutions (for example, remote Duo Network Gateway, AnyConnect, remote browser isolation capabilities, and so on).
