Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1396
Views
6
Helpful
2
Replies

Saml auth FTD/FMC/Anyconnect

Go to solution
ciscokiddy
Level 1
Level 1

‎03-17-2021 11:32 AM

Hi,

Had a working saml solution to Azure AD. Inadvertently changed base url within profile in fmc then changed back. Now cisco anyconnect window displays page not found.

 

 debug webvpn saml 255
INFO: debug webvpn saml enabled at level 255.
xxxxxxx# Mar 17 18:14:11 [SAML] get_metadata_by_tgname: SAML config was not found
 
? I am lost here
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎03-17-2021 01:03 PM

Hey  ciscokiddy,

 

The behavior sounds like CSCvi23605, since you are doing this on FTD/FMC you have 2 options:

1- Change the authentication method to something else, deploy and then add the SAML authentication method back.

2- Remove the RAVPN policy specifically on this device going to policy assignment:

policy assign.png After removing the device deploy and then just re-add the device (if the device is in production or there are connections already established the deployment will fail, i recommend to try this option after hours)

 

 

 

 

 

 

 

Rate if Helps!

 

JP

View solution in original post

2 Replies 2

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎03-17-2021 01:03 PM

Hey  ciscokiddy,

 

The behavior sounds like CSCvi23605, since you are doing this on FTD/FMC you have 2 options:

1- Change the authentication method to something else, deploy and then add the SAML authentication method back.

2- Remove the RAVPN policy specifically on this device going to policy assignment:

policy assign.png After removing the device deploy and then just re-add the device (if the device is in production or there are connections already established the deployment will fail, i recommend to try this option after hours)

 

 

 

 

 

 

 

Rate if Helps!

 

JP

Go to solution
ciscokiddy
Level 1
Level 1
In response to JP Miranda Z

‎03-18-2021 12:03 PM

Hi JP,

 

Thank you, all sorted now

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents