cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
850
Views
0
Helpful
2
Replies

ASA WebVPN SSO with Cacti

MaseBarnes
Level 1
Level 1

Hi,

I'm using SSO with HTTP POST parameters for SSO to different web applications behind my ASA.

Currently I'm playing around with Cacti.

My parameters are:

action = login

login_username = CSCO_WEBVPN_USERNAME

login_password = CSCO_WEBVPN_PASSWORD

realm = ldap

The login works great, but the webserver sends back after the POST a HTTP code "302 OK". Normally it should be "302 moved" or "200 OK".

The ASA doesn't understand what to do, so it does nothing and replies with an error "Server <vpn gateway link> not available>".

When I push the "Home" button and click on the Cacti bookmark again, I'm logged into cacti. It seems there's a cookie or something missing.

When I do exactly the same thing with a browser, it sends after the "302 OK" a normal GET and I'm logged in.

Seems to me an error in cacti, but I'm also not sure if the ASA doesn't respond correctly???

Also, when I change the bookmark type from https to post, it works! BUT: post plugin only supports http and not https, so my logins a send plain over the internal network.

Any ideas?

Thanks

MB

1 Accepted Solution

Accepted Solutions

rahaddad
Level 1
Level 1
configure the POST plugin for HTTPS by using the csco_proto=https parameter 
in the Post-Plugin URL

View solution in original post

2 Replies 2

rahaddad
Level 1
Level 1
configure the POST plugin for HTTPS by using the csco_proto=https parameter 
in the Post-Plugin URL

Thansk, this is my working bookmark:

post:         

/cacti/index.php?action=login&login_username=CSCO_WEBVPN_USERNAME&login_password=CSCO_WEBVPN_PASSWORD&realm=ldap&csco_proto=https