[Shib-Users] Shibboleth IdP and Cisco VPN

[Tom Scavo]

Certain VPN servers (Cisco, Juniper, maybe others) support SAML Web
Browser SSO. Has anyone successfully configured a Shibboleth IdP to
interoperate with one of these VPN servers?

Thanks for letting me know,

Tom

[Cantor, Scott E.]

> Certain VPN servers (Cisco, Juniper, maybe others) support SAML Web
> Browser SSO. Has anyone successfully configured a Shibboleth IdP to
> interoperate with one of these VPN servers?

Pretty sure somebody managed to get Juniper's working as an SP a while back, you might search the archive in case they aren't on the list anymore.

-- Scott

[Caskey, Paul]

> From: shibboleth-u...@internet2.edu [mailto:shibboleth-users-
> req...@internet2.edu] On Behalf Of Cantor, Scott E.

Best I can tell, Cisco only supports SAML 1.1 and, for some crazy reason, can only be an IdP.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1147650

[Tom Scavo]

Yes, thanks, I found the threads covering the Juniper VPN (supports
only SAML V1.1, it seems) but nothing about Cisco VPN so far. Thanks
for the pointer.

Tom

[Peter Schober]

* Caskey, Paul <pca...@utsystem.edu> [2011-03-04 01:53]:

> Best I can tell, Cisco only supports SAML 1.1 and, for some crazy
> reason, can only be an IdP.

Same experience here (though based on looking into this before the 2.x
IdP was released, IIRC).
Our Cisco VPN (for HTTPS access, "WebVPN") now does local
authentication (via RADIUS) and also does a few extra things,
e.g. replaying credentials to a couple of connected services (such as
our Samba-based fileserver infrastructure). For quick and clientless
web-based up/downloading of a handful of files this seems to work fine.
-peter