Username Retained in AnyConnect Client Username Dialog Box

strakamar
Level 1

I have one issue remaining on my AnyConnect client 2.5.2006. The username in the dialog box is cached. We do not want it to be cached and have users enter their username each time.

Shilpa Gupta mentioned this on another post of mine. Just wondering if anyone has any other thoughts! The 2.5.2006 client resolved another issue I was having, so going back to 2.4 is not an option at this point.

For clearing up the credentials in the dialog box when using AnyConnect, I found one of the bugs:

CSCsx76993

Symptom:

User credentials are cached in the preferences.xml file when using the AnyConnect client. So when they relaunch AnyConnect, the username appears in the client.

Conditions:

This is seen in all AnyConnect clients. This is a configurable option in the IPSec client.

Workaround:

Currently there is no workaround

And I can see it is resolved in 2.4.202; however, I am not sure if it's resolved in 2.5 also. For this I would like to hear from others.

Regards,

Shilpa

Accepted Solutions

Herbert Baerten
Cisco Employee

Hi,

All bugfixes and new features in 2.4.x are also in 2.5.

However, the 'bug' Shilpa pointed to is not really a bug but an enhancement request; in other words, in 2.3 and earlier the username being cached was expected behavior, and it is still the default behavior in the 'fixed' versions, so simply upgrading will not change anything. What changed is that now you can modify the behavior by setting a new parameter RestrictPreferenceCaching in the local policy file:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac04localpolicy.html#wp1055429

So adding e.g.

    <RestrictPreferenceCaching>All</RestrictPreferenceCaching>

to your local policy should achieve what you want.

hth

Herbert

Thanks Herbert, that did it.

I modified the local XML and poof, no more cached credentials.

If I read the article correctly, this cannot be pushed down by the ASA. I am going to have to do it through our software delivery system. It would be nice if it was in the profile that gets pulled down by the ASA.

Perhaps in future releases.

Once again thank you for your quick and informative reply.
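
An added example, not part of the original thread and not Cisco's own tooling: because the setting has to be distributed by a software delivery system, a deployment or audit job can parse the local policy XML, report the current RestrictPreferenceCaching value, and set it to All. The sample policy, its namespace and the other element names are constructed assumptions; reading and writing the real file is left to the deployment tool.

```python
import xml.etree.ElementTree as ET

PARAM = "RestrictPreferenceCaching"  # parameter name from the accepted answer

# Constructed sample policy. The root element, namespace and FipsMode entry
# are assumptions about the file layout, not taken from the thread.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/">
  <FipsMode>false</FipsMode>
  <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
</AnyConnectLocalPolicy>
"""


def _namespace(root):
    """Return the '{uri}' prefix of the root tag, or '' if unqualified."""
    return root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""


def current_value(policy_xml):
    """Report the configured value, or None when the element is absent."""
    root = ET.fromstring(policy_xml)
    node = root.find(_namespace(root) + PARAM)
    return node.text.strip() if node is not None and node.text else None


def enforce(policy_xml, value="All"):
    """Return (new_xml, changed) with PARAM set to value, adding it if missing."""
    root = ET.fromstring(policy_xml)
    ns = _namespace(root)
    if ns:
        # Serialize the policy namespace as the default (unprefixed) one.
        ET.register_namespace("", ns[1:-1])
    node = root.find(ns + PARAM)
    if node is None:
        node = ET.SubElement(root, ns + PARAM)
    changed = (node.text or "").strip() != value
    node.text = value
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    fixed, changed = enforce(SAMPLE_POLICY)
    print("changed:", changed, "->", current_value(fixed))
```

The `changed` flag lets a compliance job report drift without rewriting files that already carry the setting.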