The
auto-signon command is
a single sign-on method for users of clientless SSL VPN sessions. It passes the
login credentials (username and password) to internal servers for
authentication using NTLM authentication, basic authentication, or both.
Multiple auto-signon commands can be entered and are processed according to the
input order (early commands take precedence).
You can use the auto-signon feature in three
modes: webvpn configuration, webvpn group configuration, or webvpn username
configuration mode. The typical precedence behavior applies where username
supersedes group, and group supersedes global. The mode you choose depends upon
the desired scope of authentication.
To disable auto-signon for a particular user to
a particular server, use the
no form of the command
with the original specification of IP block or URI. To disable authentication
to all servers, use the
no form without
arguments. The
no option allows
inheritance of a value from the group policy.
The following example, entered in group-policy
webvpn configuration mode, configures auto-signon for the user named anyuser,
using basic authentication, to servers with IP addresses ranging from 10.1.1.0
to 10.1.1.255:
The following example commands configure
auto-signon for users of clientless SSL VPN sessions, using either basic or
NTLM authentication, to servers defined by the URI mask
https://*.example.com/*:
hostname(config)# group-policy ExamplePolicy attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# auto-signon allow uri https://*.example.com/* auth-type all
hostname(config-group-webvpn)#
The following example commands configure
auto-signon for users of clientless SSL VPN sessions, using either basic or
NTLM authentication, to the server with the IP address 10.1.1.0, using subnet
mask 255.255.255.0:
hostname(config)# group-policy ExamplePolicy attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# auto-signon allow ip 10.1.1.0 255.255.255.0 auth-type all
hostname(config-group-webvpn)#