
webvpn (ssl vpn) to asa with OTP + sso to owa

spirtovoz
Level 1

Hi all,

Can someone point me the way to how I can achieve (if it is possible) such a binding as SSL VPN to ASA and SSO to OWA with the use of a one-time password (OTP) for user authentication?

I'm stuck on it.

2 Replies

vabruno
Level 1

Can you post a bit more detail on what you want to accomplish? If you are trying to use SSO with a 2-factor solution for login, this is not possible, because this defeats the use of 2-factor, which requires the "what you know and what you have" concept. Also, this depends on what you require during the login process. For example, are you requiring a username/password and PIN/passcode combo? If so, you can't have SSO with that scenario.

Please post more detail.

Sent from Cisco Technical Support iPhone App

I am looking to configure the same exact setup. We'd like to set up WebVPN for services such as OWA and SharePoint but would like for users to only use their RSA SecurID tokencodes. We do not want to provide them with Active Directory passwords at all. The individual above stating this defeats the purpose of 2-factor authentication obviously doesn't understand the concept. This would still be enforcing 2-factor authentication since the user knows their PIN and physically has their RSA fob (2-factor is something you know and something you have).

We have 3 ASAs in a VPN cluster, ACS appliances, RSA appliances, and Active Directory services. Right now the user can log into the WebVPN portal using their AD username and RSA tokencode just fine. From there they click on the OWA link, which then attempts to use their RSA tokencode for the SSO to OWA, which fails since OWA is looking for an AD password. I know we can prompt the user for an additional password field during the initial WebVPN portal login page, but as stated we do NOT want to provide the users with AD passwords at all. If anyone has any info on how this setup might be accomplished, it would be much appreciated. Thanks!