Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA, RDP plugin authentication

Hello,

I've installed an ASA 5505 (8.0.3) with WEBVPN. I've managed to get everything working with SSO (Single Sign On) except for the terminal rdp session. Owa, sharepoint, filebrowsing, SSO is no problem, but I don't seem to get it working with RDP. Somehow it doesn't translate the variables to the rdp session. I'm using CSCO_WEBVPN_USERNAME and CSCO_WEBVPN_PASSORD, but they appear just like that in the username/password field. Is there any way to make SSO work for RDP?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Cisco ASA, RDP plugin authentication

ofwegen, just so you know I'm not using a single signon server, just auto signon, and I got this to work with the rdp plugin by editing the bookmarks to have the "csco_sso=1" option in there:

rdp://myterminalserver/?csco_sso=1

This works for both ICA and the RDP plugins.

9 REPLIES
Bronze

Re: Cisco ASA, RDP plugin authentication

First try fixing asdm, go to firewall command line and see where your asdm upgrade image landed "dir", most likely it landed in disk0, if that is the case do " show run | inc asdm" to see current firewall asdm statement and correct as follows.

asa for ssh follow this link.( use aaa authentication local )

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#configs

New Member

Re: Cisco ASA, RDP plugin authentication

Hello Htarra,

Thank you for your reply. I don't think it's an AAA issue. The WEBVPN rdp plugin does not use the AAA model of Cisco. I just need to forward the Cisco Username/Password credentials to the RDP plugin.

My ASDM version is: asdm image disk0:/asdm-611.bin

New Member

Re: Cisco ASA, RDP plugin authentication

ofwegen, sorry I don't have a fix for you, but if you happen to find the fix for SSO using RDP, please post what you find. I've been working on this same thing now for about two months.

I'll post back of couse if I find the remedy.

New Member

Re: Cisco ASA, RDP plugin authentication

If I find the fix, I will. I've noticed that the variables used by the RDP plugin differ from the variables used by Cisco. Maybe there is a way to transfer these value's?

New Member

Re: Cisco ASA, RDP plugin authentication

ofwegen, just so you know I'm not using a single signon server, just auto signon, and I got this to work with the rdp plugin by editing the bookmarks to have the "csco_sso=1" option in there:

rdp://myterminalserver/?csco_sso=1

This works for both ICA and the RDP plugins.

New Member

Re: Cisco ASA, RDP plugin authentication

Cool! That did the trick, great! Now, last question, do you also know how to avoid the printer/drive sharing popup? Normally there's a check box to not show that message anymore, but that's missing.

New Member

Re: Cisco ASA, RDP plugin authentication

Hi,

Does anybody know what csco_sso=1 really does? How does it work?

New Member

Re: Cisco ASA, RDP plugin authentication

Hello Patrick,

For as far as I know, it's not documented anywhere near the RDP plugin. What is does is simple. It translates the Cisco username/password variable to the variables used in the RDP plugin (this is thirt party software). The csco_sso feature is documented near the Citrix plugin, you could see if any usefull information can be found there.

Regards,

Leon

Re: Cisco ASA, RDP plugin authentication

Its documented over here (for Citrix):

Under the "Providing a Bookmark and Optional SSO Support for Citrix Sessions" section:

http://cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1232666

Also it seems the SSH plugin also supports SSO, as it also has a sso.conf file.

Regards

Farrukh

1616
Views
0
Helpful
9
Replies