I have set up an ASA 5520 to accept incoming Clientless SSL VPN connections. I authenticate users by both local ACS accounts and Windows AD accounts that are mapped through the ACS server. Needless to say, after the local ACS account creates a SSL VPN connection and tries to access internal resources, it is prompted for domain credentials. When I create a SSL VPN connection with the domain account, there are no prompts.
I have a requirement to only allow ACS local accounts to connect to the ASA and not domain accounts. This means any internal resource that the user accesses will prompt them for credentials if needed. Is there a way to cache the domain credentials after logging into ASA with an ACS local account? Post protocol on an ASA bookmark maybe?