Wednesday, July 28, 2010

Single Sign on with Cisco SSL VPN and Sharepoint

We just deployed SharePoint at my job, and I was looking for a way to have single sign-on between our SSL VPN on our Cisco ASA and SharePoint. I looked at the Cisco forums and couldn't get an answer. After playing around with the ASA settings for 4 hours, I was able to make it work, and it was so simple to do. Make sure that SharePoint uses the same authentication as your SSL VPN. Our SSL VPN is set up using LDAP or NTDomain authentication. With SSO enabled, the ASA will pass the credentials you use to log in to the SSL VPN on to SharePoint.

First, enable single sign-on by going to:

Configuration -> Clientless SSL VPN Access -> Group Policy. Choose the policy you want to enable single sign-on for, then click Edit -> More Options -> Single Sign On and click Add.
Authentication Type = Basic, NTLM, and FTP. Click OK.

Then go to Configuration -> Clientless SSL VPN Access -> Portal Customization. If you don't have a customized page yet, click Add and name it SharepointSSO (you can name it anything you want), then click Edit. Another browser window will open.

Under Portal on the left side, disable everything in title panel, toolbar, navigation panel, and application. Under Homepage choose:
Mode = Custom Intranet Web Page
Custom Intranet Web Page URL = http://sharepointserver/_layouts/Authenticate.aspx (the site that lets the users authenticate)
URL List Mode = No Group

Save the custom page and log in to your SSL VPN. You should automatically be logged in to SharePoint.
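A review check for the auto-signon rule this procedure creates, as an added example that is not part of the original post: it reads an ASA running-config and flags rules that forward VPN credentials over an unencrypted URL, to a wildcard or any-address scope, or with every authentication type enabled. The config excerpt and policy names are constructed, and the `auto-signon allow ... auth-type ...` line format is an assumption to confirm against your own ASA's output.

```python
import re

# Constructed excerpt of an ASA running-config; policy names are hypothetical.
SAMPLE_CONFIG = """\
group-policy SharepointUsers attributes
 webvpn
  auto-signon allow uri http://sharepointserver/* auth-type all
group-policy Contractors attributes
 webvpn
  auto-signon allow ip 0.0.0.0 0.0.0.0 auth-type basic
group-policy Finance attributes
 webvpn
  auto-signon allow uri https://sharepointserver/* auth-type ntlm
"""

POLICY = re.compile(r"^group-policy (\S+) attributes\s*$")
RULE = re.compile(r"^\s+auto-signon allow (?:uri (?P<uri>\S+)|ip \S+ (?P<mask>\S+))"
                  r" auth-type (?P<auth>basic|ntlm|ftp|all)\s*$")

def audit_auto_signon(config):
    """Return (policy, rule, reasons) for every auto-signon rule worth reviewing."""
    findings, policy = [], "(global)"
    for line in config.splitlines():
        if line and not line[0].isspace():  # top-level line: new config section
            m = POLICY.match(line)
            policy = m.group(1) if m else "(global)"
            continue
        m = RULE.match(line)
        if not m:
            continue
        reasons = []
        cleartext_auth = m["auth"] in ("basic", "ftp", "all")
        if m["uri"]:
            uri = m["uri"].lower()
            if cleartext_auth and not uri.startswith("https://"):
                reasons.append("reusable credentials sent over an unencrypted URL")
            if uri.split("://")[-1].split("/")[0].startswith("*"):
                reasons.append("wildcard host widens who receives the credentials")
        elif m["mask"] == "0.0.0.0":
            reasons.append("any server reached through the portal receives the credentials")
        if m["auth"] == "all":
            reasons.append("auth-type all; allow only the method the server needs")
        if reasons:
            findings.append((policy, line.strip(), reasons))
    return findings

if __name__ == "__main__":
    for policy, rule, reasons in audit_auto_signon(SAMPLE_CONFIG):
        print(f"{policy}: {rule}\n    - " + "\n    - ".join(reasons))
```

A rule scoped to the one SharePoint host over HTTPS with NTLM only, like the constructed Finance entry, produces no finding.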

There are other ways to accomplish this, but this is the simplest way so far. There is also a post plugin that you can download and use, but I couldn't get it to work at the time I was doing this. Please let me know if you tried the same settings I did and how it worked for you.

These settings also work with Citrix Web Interface as long as the client detection feature is NOT enabled.