06-05-2023 09:25 AM
Good afternoon everyone,
Last week I replaced our company Cisco ASA v9.13 with a new ASA v9.19. I installed all the configuration from the old one on the new ASA. The old ASA worked fine with AnyConnect and SSO on Keycloak, but on the new one AnyConnect doesn't work the SSO way anymore. It works fine without SSO. If I run Windows with an older AnyConnect client version 4.10.05***, SSO also works well, but not with new versions, and also not on macOS and Linux, and also not in the browser.
I always get the message: authentication failed due to problem navigating to the single sign-on url
Can someone help me here?
06-06-2023 11:59 AM
Hello @naeel
Please confirm which AnyConnect version works with ASAv9.19 and which does not?
Regards
Salman Mahajan
06-06-2023 12:08 PM
Hi Salman,
I have tried several versions. Now I have 4.10.07061, and I have the Secure Client v 5.**. The version that works well now is 4.10.05071. macOS and Linux don't work either.
SSO connection works fine with 4.10.05071. If I connect without SSO, all versions work fine.
06-06-2023 12:25 PM
Hi @naeel
Looks like you are hitting this bug as per the symptoms: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa31551
It is fixed in Secure Client v5. For Windows you can use Secure Client v5, and for Mac/Linux you will have to go with 4.10.05071 till the time Secure Client becomes available for it.
Potential workaround you can try: since you have upgraded ASAv to 9.19, it supports external browser for SAML authentication. You can try to use that for AnyConnect instead of embedded browser authentication.
Regards
Salman Mahajan
06-06-2023 12:32 PM
macOS doesn't work on any version now, including version 4.10.05071. So the Mac no longer works on ASA 9.19 with SSO connection. Windows also does not work on Secure Client v5 with SSO. If I connect without SSO, everything works fine.
06-15-2023 12:22 PM
I wouldn't go with version 9.19.1 as it is not listed as the recommended release. I think the options you would have would be a) to downgrade to the latest recommended which is 9.18.3, b) to raise a TAC.