Cisco Support Community
Community Member

Bookmark Smart Tunnel with SSO (WebVPN)

Hello - I have been working for the past few weeks on implementing our WebVPN (Clientless SSL VPN) solution and we just about finished except for one issue we are running into.  We have a bookmark list that we have enabled the auto sign-in server list for.  When setting these bookmarks and leaving Smart Tunnel unchecked the Single Sign On works fine.  Once we set the Smart Tunnel option the SSO breaks and users are prompted for credentials.

We have found that we need to use Smart Tunnels on our bookmarks because Cisco injects code into site pages which causes undesired effects (OWA rendering issues, internal sites built in .Net utilizing Java script have problems)

Any ideas on how to either stop the code injection into pages, or enable Smart Tunnel and have SSO work would be great.  Thanks for any help.


Bookmark Smart Tunnel with SSO (WebVPN)

Dear Joseph,

Please check this out:

To create a list of hosts smart-tunnel automatically submits credentials, use the smart-tunnel auto-signon list command in webvpn configuration mode.

smart-tunnel auto-signon [use-domain] {ip [] | host }

To enable/disable servers on a group-policy, use CLI:

smart-tunnel auto-signon enable [domain ]

*Only available since 8.4.


ASA(config-webvpn)# smart-tunnel auto-signon ServersA ip

ASA(config-webvpn)# smart-tunnel auto-signon ServersA host *

ASA(config)# group-policy TEST attributes

ASA(config-group-policy)# webvpn

ASA(config-group-webvpn)# smart-tunnel auto-signon enable ServersA

Please keep in mind that this feature is not always reliable, so if further issues appear I would recommend to open a TAC case.

Let me know.

Please rate this post if you find it useful.

Community Member

Bookmark Smart Tunnel with SSO (WebVPN)

Thank you very much for the quick response!  We should be able to test this tonight after hours.  I will let you know how it goes. 

Community Member

Bookmark Smart Tunnel with SSO (WebVPN)

So we tested the smart tunnel auto-sign in list and our users are still being prompted for credentials when clicking on bookmarks.  The strang part is, this occurs on only through desktop and laptop browsers.  Mobile devices do not prompt for credentials and go directly into the site.

We did have SSO working outside of smart tunnels, so is there a way to disable the code injection into our internal sites? 

Thank you.

Community Member

Bookmark Smart Tunnel with SSO (WebVPN)

I have a similar problem, but I have the need to inject the domain into a Web Bookmark, but cannot get auto-sign-on to work with Smart Tunnel or a normal Boomark...

So with Smart Tunnels, does that mean they have to launch the link from outside the portal bookmark (like in a new tab or window)? Or will the Smart Tunnel auto-sign-on work with the actual Web Bookmark links as well?

CreatePlease to create content