SAML External Browser with ASA 9.14 and Anyconnect 4.10

Scottish_ITtech · ‎03-02-2022

Hi,

Should Anyconnect 4.10 on ASA 9.14 be able to use an external browser for SAML authentication?

We have SAML working but only through the embedded browser which doesn't support Yubikey or Windows Hello.

If it should support it, can you advise how to enable?

Milos_Jovanovic · ‎03-11-2022

No, it will not work, as support for External Browser came with 9.17(1). You'll have to upgrade to newer release before you can try it.

I haven't teted this myself yet, but here is the configuration explanation.

BR,

Milos

Marcelo Morais · ‎12-12-2022

Hi @Scottish_ITtech ,

although it's an old topic, I would like to add the following:

1. from AnyConnect 4.6 to AnyConnect 4.10.03104 an enhanced version of SAML integration with an Embedded Browser has replaced the Native (External) Browser Integration from previous releases.
2. AnyConnect 4.10.04065 supports AnyConnect VPN SAML External Browser (as an optional add-on, via the External Browser Package external-sso-4.10.04065-webdeploy-k9.pkg)
3. since AnyConnect 4.10.04071 you don't need the External Browser Package
4. since AnyConnect 4.10.05095, on Windows, the AnyConnect Embedded Browser is Microsoft Edge WebView2
5. for SAML External Browser use, you MUST perform configuration using:
. ASA 9.17.1+ (via CLI command external-browser enable in the config-tunnel-webvpn mode)
. ASDM 7.17.1+
. FDM 7.1+

Hope this helps !!!