Morning,
We're experiencing an issue using DUO SSO with Cisco ASA / AnyConnect, and I wondered if anybody had seen a similar issue.
Initially we were using a self-signed cert on the ASA, and then when trying to use DUO SSO via AnyConnect, the AnyConnect embedded browser rejected the cert. We then updated the cert to a publicly signed cert, installed it and updated the DNS records.
Now when logging in via AnyConnect, you are redirected to the DUO SSO login, the authentication is accepted and the push is sent to the mobile. Upon completing the push, the embedded browser once again presents an invalid cert error.
I have run Wireshark during this process, and for whatever reason halfway through the capture, the client machine starts running DNS lookups for the previous FQDN we were using on the ASA (when we had self-signed), and also tries to use this FQDN in the SNI field during the TLS handshake.
Has anyone seen anything similar?