Guest

Preview Tool

Cisco Bug: CSCvu07033 - DOC: DAP engine does not support being fed by SAML exchange information

Last Modified

Aug 27, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.8(3036)

Description (partial)

Symptom:
According to the following configuration guide:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/vpn/asa-99-vpn-config/webvpn-configure-users.html

"DAP is not supported for SAML enabled tunnel groups" which is referring to information from the SAML exchange being fed into DAP engine, similar to AAA attributes from RADIUS. DAP still runs, but it doesn’t have any of the extra info from authentication. Non-SAML attributes, like ones collected from Hostscan, should still work/be available.

Conditions:
AnyConnect using SAML and DAP with HostScan
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.