

Most networking administrators have probably spent at least some time setting up a remote-access VPN for their company or for a customer. To authenticate end-users that connect to the VPN, it is very common to utilize an external database of users, and to communicate with this external database you usually have to use the LDAP or RADIUS protocol to talk either directly to an LDAP catalog or to a RADIUS server (like Cisco’s Identity Services Engine, ISE, for example). However, if your VPN solution consists of a Cisco ASA firewall and the AnyConnect VPN software, there is a new option/protocol available to handle authentication: SAML, which stands for Security Assertion Markup Language.

SAML has grown big in the last few years to provide authentication and single sign-on (SSO) experiences for applications like email, websites, ticket services and much more. The general idea of SAML is that once you have gone through a successful authentication, you are handed a sort of cookie or “ticket” inside your web browser that will allow you to automatically be signed into the next service you want to use that also uses the same SAML authentication.

Today, there are many different products that use SAML authentication from well-known companies like Microsoft, Okta, Ping Identity and even Cisco (through their Duo service). As of this writing, successful SAML authentications taking place for VPN do not “carry over” for use with other services because of how AnyConnect works… so keep that in mind for your own implementation.
