Yes, I have used HTTP form (with POST) as an authentication method for clientless WebVPN and SSO. There is no specific template for this, per se, as some of the options for your AAA config are application specific (e.g. action-uri and hidden-parameter). My recommendation is to follow the following doc very closely. It really does a good job of breaking down the steps to implementing it.
I'm following this document, but I just need to understand the concept a bit: when I log in using a username and password to the SSL portal, will this same username and password be used automatically for a configured web application (bookmark) for which authentication on the web application is mandatory?
So I enter the username and password only once, the first time?
Another thing concerning the AAA method: should I bind it from the beginning for the username and password used for the SSL portal?
Just to take a step back here to clarify, when you state: "Another thing concerning the AAA method: should I bind it from the beginning for the username and password used for the SSL portal?" What is the scope of your efforts with the portal? Is your intention to authenticate the user and dump them straight into the web app, or will there be other applications presented within the portal? If you're looking to just take the user directly to the app after login, you could create an AAA group for the http-form (to auth against the web app) and tie it to your tunnel-group (connection profile). Then, using either GP or customizations, you can skip the standard portal page and place the user right into the app. You would just need to specify to do an HTTP POST to the page using the WebVPN credentials and map them to the values in the HTTP parameters.
If your intention is for this app to be one of many in the portal, your options somewhat depend upon the authentication methods for both your tunnel-group as well as your web app. If this is the case, let me know and we can expound on it further as there are different methods/variables involved here.
I'm glad I'm working from the first time with the right guy on netpro.
My scenario is the below:
I have different web applications that will be posted on the portal and each has its own authentication schema.
So basically I need to go with the second option, where I was thinking of a unified username and password across all web applications for a specified username, and when connected to the SSL portal, he would choose one of the links but then he'll not have to authenticate against the web application.
Can this be done? If not, what are my alternatives?
The web applications are a combination of IIS, webmails and Apache.
When you say each has its own authentication schema, does that mean that each has different combinations of UN and passwords? Or is there something unifying it on the back-end, such as AD? Assuming everything ties in on the backend for authentication, you can set your portal auth against the centralized AAA server, be it RADIUS, LDAP, etc. Then, when publishing bookmarks, you can set it to post those credentials or use one of the other SSO methods outlined in the following document:
If the authentication structure for all of your web resources is not tied together on the backend, then this becomes even more challenging where SSO may not be a full possibility. You could, of course, always play a bit with double auth (introduced in 8.2) or the internal password functionality, but this can become somewhat cumbersome to the end user.
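
Added example (not part of the thread and not Cisco's code): the application-specific http-form values mentioned above (action-uri, hidden-parameter, and the username/password field names) come from the web app's own login form, so this sketch extracts them from a saved copy of that page. The sample HTML, host name and field names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlencode

# Constructed sample login page (not taken from any real application).
SAMPLE_LOGIN_HTML = """
<form method="post" action="/auth/login.do">
  <input type="text" name="userid">
  <input type="password" name="passwd">
  <input type="hidden" name="target" value="https://app.example.test/home">
  <input type="hidden" name="locale" value="en-US">
  <input type="submit" value="Sign in">
</form>
"""

class LoginFormParser(HTMLParser):
    """Collects every <form> with its named <input> fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(),
                         "inputs": []}
        elif tag == "input" and self._cur is not None and a.get("name"):
            kind = (a.get("type") or "text").lower()
            self._cur["inputs"].append((kind, a["name"], a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def http_form_settings(page_url, html):
    """Return the values an http-form AAA server entry needs for this page."""
    parser = LoginFormParser()
    parser.feed(html)
    for form in parser.forms:
        fields = form["inputs"]
        if form["method"] != "post" or not any(t == "password" for t, _, _ in fields):
            continue  # not a credential-posting form
        return {
            "action-uri": urljoin(page_url, form["action"]),  # absolute POST target
            "user-parameter": next((n for t, n, _ in fields if t in ("text", "email")), None),
            "password-parameter": next(n for t, n, _ in fields if t == "password"),
            # Hidden fields are sent as one URL-encoded name=value string.
            "hidden-parameter": urlencode([(n, v) for t, n, v in fields if t == "hidden"]),
        }
    raise ValueError("no POST form with a password field found")
```

Hidden values that change on every page load (an anti-CSRF token, for instance) cannot be captured as a fixed string this way, which is one reason form-based SSO does not work for every application.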