Clientless SSL WebVPN

Unanswered Question
May 20th, 2010

Does anyone know how to inject HTTP POST if you choose to bypass the portal page via the Optional Homepage URL?? It seems as though you dont have any options to pass credentials unless you use the portal and bookmarks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Todd Pula Fri, 05/21/2010 - 13:53

One option would be to use the POST plug-in along with a customization page.  On the customization portal page you can define a homepage URL which will have the post and macros included.  You will then associate this customization to the group policy so that it loads after successful authentication.  A sample POST URL may look something like this:

post://mycitrix-server.abcd.com/Citrix/AccessPlatform/auth/login.aspx?LoginType=Explicit&user=CSCO_WEBVPN_USERNAME&password=CSCO_WEBVPN_PASSWORD

nwlogical Thu, 10/14/2010 - 06:56

Is there another way to do this other than the POST command?  It is my understanding that the POST command will not allow you to enable, "Use Smart Tunnel for Homepage" since it is not an HTTP(S) protocol.

Todd Pula Thu, 10/14/2010 - 07:42

The ASA 8.4 code release will include enhancements for auto sign-on capabilities using POST with smart tunneling.

nwlogical Fri, 10/22/2010 - 15:01

Another question.   If I have the home page set to an http or an https site and smart-tunnel enabled on the site I get this error is the smart tunnel is not installed on the system.  WebVPN Relay loader is taking a long time to start. Jave must be installed and enabled in the browser.  I know Java is enabled and I can go to another ASA site that does not have the home page set and smart-tunnel installs fine and works.  Why is it not installing for the first time user if the are being directed to a home page and not the portal page?  How can I fix this problem.

nwlogical Fri, 10/22/2010 - 17:10

Okay figured this one out.  In IE you  have to have the setting set in Intranet security to enable, allow previously unused activex controls to run without prompt.  In Firefox you need to make sure Java is installed.

nwlogical Wed, 11/17/2010 - 07:12

Just so I understand.  Having smart tunnel enabled on the home page by checking the enable button on "Use smart tunnel for Hompage:" is only for Windows systems.  This will not work on a Mac since the docs say that you can only fire smart tunnel on a Mac from a bookmark, is this correct or is there a work around?  If not is this being looked at to be fixed in the future?

nwlogical Wed, 02/02/2011 - 08:23

Todd, I have tested the 8.4.1 code and it seems that you still can not do a post and auto start smart-tunnel.  Did this fix not make it in the code?

"The ASA 8.4 code release will include enhancements for auto sign-on capabilities using POST with smart tunneling."

Actions

This Discussion