I have been trying to setup a CAS as inline real IP gateway mode to support single sign on via a Cisco ASA running cisco vpn IPsec client.
CAS and CAM are running 4.5.1
I have followed the online guide to the letter (except for running the CAS in virtual gateway mode and doing vlan mapping)
My vpn authentication works on the ASA and radius is passed though the CAS to the ACS server just fine.
I did a tcpdump on both cas and cam and saw the Radius accounting packet be transmitted from the ASA to the CAS and then from the CAS to the CAM, so the radius accounting 'start' packet is being transmitted upon the user being authenticated on the vpn.
The problem is that the laptop attempting to access the network will not display the 'auto login' screen from the CCA agent, instead the CCA agent displays the authentication request screen for user and password details.
I also following the advice of this link with no success
(Known Issue for VPN SSO Following Upgrade to Release 4.5)
So I'm now doubting myself as to whether the CAS can support SSO in real IP gateway mode.
i've set it up in real ip gw mode, but not in 4.5. it worked fine.
is this the guide you followed?