Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
165
Views
0
Helpful
1
Replies

VPN portal identity certificate change

serranoelias
Level 1
Level 1

‎02-21-2024 06:03 AM - edited ‎02-21-2024 06:04 AM

Hello everyone, we are carrying out a job to renew the VPN portal identity certificate on an ASA computer. When making the change, the AnyConnect pop-up window appears with the following message: "Single sign-on AnyConnect token verification failure".
Has this happened to anyone else?

popup.jpg

Labels:
0 Helpful
1 Reply 1

Pulkit Mittal
Level 1
Level 1

‎02-29-2024 03:22 AM

This can happen for the following reasons:

  • If you are affected by a Cisco bug where changes to the SAML Server configuration for the AnyConnect Connection Profile do not take effect immediately,
  • If you have misconfigured the SAML Identity Provider for the AnyConnect Connection profile.
  • If you attempt to configure a single ASA to authenticate against multiple DAG servers.
  • If the Cisco ASA is not properly synced to an external NTP server. Please make sure that it is not relying on an internal NTP source or a date and time that has been manually configured.
  • A certificate mismatch has been shown to cause this exact error.

Most likely the last option above as per the Duo support article I could find.

Please mark this helpful if you are happy with the response.

 

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents