Pass vpn portal login credentials to homepage

samking01
Level 1

We're currently in the process of upgrading our VPN client from the old IPsec client to AnyConnect and want to use the web login (just login, no portal page) for access.

We have a main intranet page that everyone uses and needs to log in to use (we use Active Directory so credentials for VPN and intranet are the same), so, using a custom VPN login page, would it be possible to take a user's login credentials entered on the login site and post them into the intranet page so that the intranet page opens automatically (after logging onto the VPN) with them already logged in?

I'm guessing the login fields aren't accessible but it would be nice in order to reduce the amount of times needed to log in with the same credentials.

Thanks

5 Replies

Marcin Latosiewicz
Cisco Employee

Sam,

I think this is what you're looking for:

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/c07_717723_00_asa_adaptive_security_appliance.pdf

section "Auto Sign-On for External Portal Page".

To troubleshoot this you will need to use HttpWatch/Fiddler or other similar tools.

M.

Very promising, thank you, but I'm having an issue with the two different homepage options. There's the External portal page option, which has the POST functionality I need but, to my understanding, that portal only opens with the clientless/browser SSL VPN.

The other option is the Homepage URL setting in the group policy, which almost functions as needed: it opens up the page after the login but I can't see any POST functionality with this option. It seems like I would have to push the login credentials into the URL but that would be a bad idea.

Any ideas?

Sam,

I think it's a limitation of group-policy homepage that it allows neither macro substitution nor POST.

IRT pushing credentials it's not that big of a problem - provided it's HTTPS.

Probably not the best idea in the world of security, but not uncommon.

M.
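
Added example, not part of the thread or of any Cisco tooling: when credentials are placed in the homepage URL as discussed above, HTTPS encrypts the query string in transit, but the intranet web server still writes the full request target to its access log. This Python sketch scans Common Log Format lines for credential-like query parameters and redacts them; the parameter names, paths and sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names that carry credentials; adjust to the intranet app.
SENSITIVE = {"password", "passwd", "pwd", "pass", "username", "user", "login"}

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def find_credential_params(log_line):
    """Return sorted names of credential-like query parameters in one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    names = {k for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(n for n in names if n.lower() in SENSITIVE)


def redact(log_line):
    """Return the log line with credential-like parameter values masked."""
    def _mask(m):
        parts = urlsplit(m.group("target"))
        pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        target = urlunsplit(parts._replace(query=urlencode(pairs)))
        return f'"{m.group("method")} {target} {m.group("proto")}"'
    return REQUEST_RE.sub(_mask, log_line)


def scan(lines):
    """Return (index, parameter names) for every line exposing credentials."""
    hits = ((i, find_credential_params(line)) for i, line in enumerate(lines))
    return [(i, names) for i, names in hits if names]


# Constructed sample access-log lines (not real data).
SAMPLE_LOG = [
    '10.8.0.15 - - [01/Jan/2024:09:14:02 +0000] "GET /intranet/login?username=jdoe&password=Example%21Pass HTTP/1.1" 302 0',
    '10.8.0.15 - - [01/Jan/2024:09:14:03 +0000] "POST /intranet/login HTTP/1.1" 302 0',
    '10.8.0.22 - - [01/Jan/2024:09:15:40 +0000] "GET /intranet/news?page=2 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for idx, names in scan(SAMPLE_LOG):
        print(f"line {idx}: {names}")
        print("  redacted:", redact(SAMPLE_LOG[idx]))
```

The POST line is not flagged because form fields travel in the request body, which standard access logs do not record.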

That's a shame but we should be able to work around that.

Just a thought, but would it be possible to do the process the other way around? I.e., passing the login credentials to the ASA login page from an external site?

Sam,

I found a few threads internally asking for SAML/POST from other portal to ASA and it does not exist today.

The POST method could potentially work, but from experience, it's not something that would be guaranteed to work across versions.

M.