01-02-2014 05:37 PM
We're currently in the process of upgrading our vpn client from the old ipsec client to anyconnect and want to use the web login (just login, no portal page) for access.
We have a main intranet page that everyone uses and needs to log in to use (we use Active Directory so credentials for vpn and intranet are the same), so, using a custom vpn login page, would it be possible to take a user's login credentials entered on the login site and post them into the intranet page so that the Intranet page opens automatically (after logging onto the vpn) with them already logged in?
I'm guessing the login fields aren't accessible but it would be nice in order to reduce the number of times we need to log in with the same credentials.
Thanks
01-03-2014 12:08 AM
Sam,
I think this is what you're looking for:
section "Auto Sign-On for External Portal Page".
To troubleshoot this you will need to use HTTPwatch/fiddler or other similar tools.
M.
01-03-2014 04:27 AM
Very promising, thank you, but I'm having an issue with the two different homepage options; there's the External portal page option which has the POST functionality I need but, to my understanding, that portal only opens with the clientless/browser ssl vpn.
The other option is the Homepage url setting in the group policy, which almost functions as needed: it opens up the page after the login, but I can't see any POST functionality with this option. It seems like I would have to push the login credentials into the url, but that would be a bad idea.
Any ideas?
01-04-2014 07:14 AM
Sam,
I think it's a limitation of group-policy homepage that it allows neither macro substitution nor POST.
IRT pushing credentials it's not that big of a problem - provided it's HTTPS.
Probably not the best idea in the world of security, but not uncommon.
M.
01-08-2014 08:22 PM
That's a shame but we should be able to work around that.
Just a thought, but would it be possible to do the process the other way around? i.e. passing the login credentials to the ASA login page from an external site?
01-09-2014 12:33 AM
Sam,
I found a few threads internally asking for SAML/POST from other portal to ASA and it does not exist today.
The POST method could potentially work, but from experience, it's not something that would be guaranteed to work across versions.
M.