Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1261
Views
0
Helpful
0
Replies

DUO DAG SAML Anyconnect with ASA DAP Policy

scott.mickelsonAMS
Level 1
Level 1

‎06-05-2019 12:36 PM

We’ve been having issues with DUO SAML Anyconnect via ASA that is using a DAP Policy to filter Users into proper VPN Policies.
ASA Version 9.9.2(36)
DAG on Windows in DMZ
We’re seeing successful authentication on both sets of credentials (AD and DUO).
I am seeing ‘Login Denied’ after Approving the Duo Push notification.
I’ve worked with DUO Support, but we hit their limint on ASA Configuration knowledge.
In my ASA Log I am seeing the following error, which indicates that somewhere along the way, the username@domain.com is being password to the DAP, when we’re trying to use username without the realm. I’ve tried turning on realm stripping, but that did not change the errors at all.
If anyone has some comments on getting through this, I’d really appreciate it. I’m waiting for Corporate to renew our Support Contract for the ASA5525X, so I’m stuck for now.

0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents