Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Single sign-on in a PIX/ACS - Win Active Directory environment.

My company is trying to reduce the number of user IDs and passwords that a typical user need to access our applications to hopefully one. We refer to this as single sign-on. The idea is to have the user authenticate once at initial Windows sign-on to the Windows/Kerberos domain controller and have Kerberos issue a certificate or token to the user. Once the user has been authenticated a utility running on the PC would respond to any further ID/password requests using the certificate/token and not prompt the user for authentication again.

The challenge seems to be getting my PIX firewall and the ACS server to participate correctly in the process. For access control and accounting purposes the PIX is setup to authenticate HTTP users through the ACS server and the Windows domain controller. In the future when the PIX asks for authentication, the response will be something other than an ID/password.

Has anyone tackled this question yet?

New Member

Re: Single sign-on in a PIX/ACS - Win Active Directory environme

Any update on this ?