Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
kpo
kpo
Community Member
‎09-26-2017 02:08 AM
‎09-26-2017 02:08 AM

AnyConnect clientless and SAML

I have a problem with Anyconnect clientless configuration with SAML. I have correctly configured ConnectionProfile, GroupPolicies and SAML Identity Provider. My Identity Provider is a simpleSAMLphp script.

At logon I am redirected to the AnyConnect login page, and in the ASDM log I get an error:

 

Failed to consume SAML assertion. Reason: The identifier of a provider is unknown to #LassoServer. To register a provider in a #LassoServer object, you must use the lasso_server_add_provider () or lasso_server_add_provider_from_buffer () methods.

 

Regards

Chris

Everyone's tags (4)
3 people had this problem
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
kpo
kpo
Community Member
3 weeks ago
3 weeks ago

Re: AnyConnect clientless and SAML

Hi, I made a factory reset and configured from scratch, it works correctly, It works correctly from Cisco Adaptive Security Appliance Software Version 9.9(1)4

0 Helpful
Reply
4 REPLIES
Flavio Miranda
VIP Green Flavio Miranda VIP Green
VIP Green
‎09-28-2017 03:00 AM
‎09-28-2017 03:00 AM

Re: AnyConnect clientless and SAML

Hi,

Have you tried to do what it asks:

lasso_server_add_provider ()

lasso_error_t
lasso_server_add_provider (LassoServer *server,
                           LassoProviderRole role,
                           const gchar *metadata,
                           const gchar *public_key,
                           const gchar *ca_cert_chain)
0 Helpful
Reply
javier.negro
javier.negro
Community Member
‎11-25-2017 09:15 AM
‎11-25-2017 09:15 AM

Re: AnyConnect clientless and SAML

Those aren't Cisco ASA commands. I suppose that is something Cisco developers would have to do. Cisco documentation isn't very helpful about stating what format the SAML assertion needs to have...

0 Helpful
Reply
CSCJD
CSCJD
Community Member
4 weeks ago
4 weeks ago

Re: AnyConnect clientless and SAML

Were you able to find a resolution to this issue?

0 Helpful
Reply
kpo
kpo
Community Member
3 weeks ago
3 weeks ago

Re: AnyConnect clientless and SAML

Hi, I made a factory reset and configured from scratch, it works correctly, It works correctly from Cisco Adaptive Security Appliance Software Version 9.9(1)4

0 Helpful
Reply
Latest Documents
PFRv3 channel state questions
Created by Vasilii Mikhailovskii on 04-23-2018 05:06 AM
0
0
0
0
This document gives several answers on frequently asked questions for PFRv3 channel state behavior. Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st... view more
VPN and static NAT problem
Created by Jacopo Belcredi on 04-23-2018 04:07 AM
0
0
0
0
Symptoms The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921). The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN. I couldn't connect to the hos... view more
Cisco ESW-520-24P Switch Configuration
Created by Kevin DeMott on 04-19-2018 01:49 PM
0
0
0
0
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers.  When we try to change the wiring and configuration, we run in to connectivity issues.  Attached is a des... view more
All Documents
2249
Views
0
Helpful
4
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
Glimpse of "EIGRP name mode configuration"
Created by ashirkar on 10-01-2013 02:06 AM
7
79
7
79
What happens, when router receives packet?
Created by ashirkar on 10-18-2012 03:19 AM
31
49
31
49
BLOG (No Title)
Created by Akula Jyoti Lakshmi on 08-09-2011 09:13 PM
15
43
15
43
All Blogs