Cisco ASA 5505 User Manual

67-92

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring User Attributes

•

none—Specifies compression is disabled for the group or user.

For clientless SSL VPN session, the compression command configured from global configuration mode
overrides the http-comp command configured in group policy and username webvpn modes.

In the following example, compression is disabled for the username testuser:

hostname(config)# username testuser internal

hostname(config)# username testuser attributes

hostname(config-username)# webvpn

hostname(config-username-webvpn)# http-comp none

hostname(config-username-webvpn)#

Specifying the SSO Server

Single sign-on support, available only for clientless SSL VPN sessions, lets users access different secure
services on different servers without reentering a username and password more than once. The
sso-server value command, when entered in username-webvpn mode, lets you assign an SSO server to
a user.

To assign an SSO server to a user, use the sso-server value command in username-webvpn configuration
mode. This command requires that your configuration include CA SiteMinder command.

hostname(config-username-webvpn)# sso-server value server_name

hostname(config-username-webvpn)#

To remove the assignment and use the default policy, use the no form of this command. To prevent
inheriting the default policy, use the sso-server none command.

hostname(config-username-webvpn)# sso-server {value server_name | none}

hostname(config-username-webvpn)# [no] sso-server value server_name

The default policy assigned to the SSO server is DfltGrpPolicy.

The following example assigns the SSO server named example to the user named anyuser:

hostname(config)# username anyuser attributes

hostname(config-username)# webvpn

hostname(config-username-webvpn)# sso-server value example

hostname(config-username-webvpn)#