Cisco AnyConnect Secure Mobility Client Administrator Guide, Version 4.0 – Configure Network Access Manager [Cisco AnyConnect Secure Mobility Client]
An EAP conversation may include more than one EAP authentication method, and the identities claimed for each of these authentications (e.g., device authentication followed by user authentication) may differ. For example, the peer might initially claim the identity of nouser@cisco.com to route the authentication request to the cisco.com EAP server. However, once a TLS session has been negotiated, the peer may claim the identity of johndoe@cisco.com. Thus, even if protection is provided for the user's identity, the destination domain may not necessarily match, unless the conversation ends at the local authentication server.
For user connections, when the [username] and [domain] placeholder patterns are used, the following conditions apply:
- If a client certificate is used for authentication – get the placeholder values for [username] and [password] from various properties of the X509 certificate. The properties are analyzed in the order given below, and the first match is used. For example, if the identity is userA@example.com (where username = userA and domain = example.com) for user authentication and hostA.example.com (where username = hostA and domain = example.com) for device authentication, the following properties are analyzed:
  - For user certificate-based authentication:
    - SubjectAlternativeName: UPN = userA@example.com
    - Subject = … / CN=userA@example.com / …
    - Subject = userA@example.com
    - Subject = … / CN=userA / DC=example / DC=com / …
    - Subject = userA (no domain)
  - For device certificate-based authentication:
    - SubjectAlternativeName: DNS = hostA.example.com
    - Subject = … / DC=hostA.example.com / …
    - Subject = … / CN=hostA.example.com / …
    - Subject = hostA.example.com
- If the source of the credential is the end user – get the placeholder value from the information entered by the user.
- If the credentials were obtained from the operating system – get the placeholder value from the login information.
- If the credentials are static – don't use any placeholders.
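The first-match order listed above, sketched in Python as an added example (not Cisco's code and not part of the original guide), is useful for predicting which identity and domain a given certificate will produce. It assumes a certificate is modelled as a dict with the hypothetical keys `san_upn`, `san_dns` and `subject`, with subject components separated by "/" as written on this page; all values are constructed samples.

```python
# Added illustration of the documented first-match order; not Cisco's implementation.
# A certificate is modelled as a dict with optional "san_upn", "san_dns", "subject".

def split_at(value, sep):
    """'userA@example.com' -> ('userA', 'example.com'); no separator -> (value, None)."""
    name, found, domain = value.partition(sep)
    return (name, domain if found else None)

def parse_subject(subject):
    """'/CN=a/DC=b' -> [('cn', 'a'), ('dc', 'b')]; a bare subject string -> []."""
    pairs = (p.split("=", 1) for p in subject.split("/") if "=" in p)
    return [(k.strip().lower(), v.strip()) for k, v in pairs]

def user_identity(cert):
    """Return (username, domain) for a user certificate, or None if nothing matches."""
    subject = cert.get("subject", "").strip()
    rdns = parse_subject(subject)
    cns = [v for k, v in rdns if k == "cn"]
    dcs = [v for k, v in rdns if k == "dc"]
    if cert.get("san_upn"):                      # 1. SubjectAlternativeName UPN
        return split_at(cert["san_upn"], "@")
    for cn in cns:                               # 2. CN=user@domain inside the subject
        if "@" in cn:
            return split_at(cn, "@")
    if not rdns and "@" in subject:              # 3. whole subject is user@domain
        return split_at(subject, "@")
    if cns and dcs:                              # 4. CN=user plus DC components
        return (cns[0], ".".join(dcs))
    if not rdns and subject:                     # 5. bare subject, no domain
        return (subject, None)
    return None

def device_identity(cert):
    """Return (hostname, domain) for a machine certificate, or None."""
    subject = cert.get("subject", "").strip()
    rdns = parse_subject(subject)
    candidates = [cert.get("san_dns")]                       # 1. SAN DNS
    candidates += [v for k, v in rdns if k == "dc"][:1]      # 2. DC=host.domain
    candidates += [v for k, v in rdns if k == "cn"][:1]      # 3. CN=host.domain
    candidates += [subject] if not rdns else []              # 4. whole subject
    for value in candidates:
        if value:                                # first property present wins
            return split_at(value, ".")
    return None

# Constructed sample: SAN and subject disagree, so the SAN decides the domain.
SAMPLE = {"san_upn": "userA@example.com", "subject": "/CN=userB@other.test"}
```

Because the first match wins, a certificate whose SubjectAlternativeName and Subject disagree resolves to the SubjectAlternativeName identity, which is worth checking when auditing issued certificates against the domain the authentication server expects.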
In the Credentials pane, you can specify the credentials that are required to be used to authenticate the associated network.