29 October, 2013

ASA5505 anyconnect smart-card and ActiveDirectory authentication

asa913-k8.bin and asdm-714.bin seem to be working flawlessly. Previous versions seemed buggy when implementing SC+AD or AD authentication (user selectable upon connection).

Created two AnyConnect Connection Profiles: one with the authentication method set to BOTH (certificate and AAA) and one with the authentication method set to AAA only. Ticked the box that allows the user to select the connection profile on the login page.

Also created two Group Policies with the ssl-client tunneling protocol. In each, the only change was the connection profile: set manually to the "BOTH" or the "AAA only" connection profile instead of the default (inherit).

On connecting, the AnyConnect client is first prompted to insert a smart card.
The user inserts a smart card, enters the PIN and is then prompted for a password.
Cancelling the smart-card prompt lets the user select the other group policy ("AAA only") and continue with AD authentication only (the smart card is not used).
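The same two-profile setup expressed as ASA CLI, added here as an illustration rather than the original post's configuration. The object names (AD, GP-SC-AD, GP-AD-ONLY, SC-AD, AD-ONLY), the LDAP server address, the DNs and the password are assumed placeholders; the ASDM "Connection Profile (Tunnel Group) Lock" setting on the group policy corresponds to the group-lock command below.

```cisco
! AAA server group for Active Directory over LDAP (placeholder host and DNs)
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.0.2.10
 ldap-base-dn dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=svc-vpn,cn=Users,dc=example,dc=com
 ldap-login-password REPLACE-WITH-BIND-PASSWORD
 server-type microsoft
!
! Group policy 1: locked to the certificate + AAA connection profile
group-policy GP-SC-AD internal
group-policy GP-SC-AD attributes
 vpn-tunnel-protocol ssl-client
 group-lock value SC-AD
!
! Group policy 2: locked to the AAA-only connection profile
group-policy GP-AD-ONLY internal
group-policy GP-AD-ONLY attributes
 vpn-tunnel-protocol ssl-client
 group-lock value AD-ONLY
!
! Connection profile 1: smart-card certificate AND AD password ("BOTH")
tunnel-group SC-AD type remote-access
tunnel-group SC-AD general-attributes
 authentication-server-group AD
 default-group-policy GP-SC-AD
tunnel-group SC-AD webvpn-attributes
 authentication aaa certificate
 group-alias SmartCard-AD enable
!
! Connection profile 2: AD password only ("AAA only")
tunnel-group AD-ONLY type remote-access
tunnel-group AD-ONLY general-attributes
 authentication-server-group AD
 default-group-policy GP-AD-ONLY
tunnel-group AD-ONLY webvpn-attributes
 authentication aaa
 group-alias AD-Only enable
!
! Expose both aliases in the login-page drop-down so the user can choose
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
```

The client-certificate CA must also be installed as a trustpoint on the ASA for the "aaa certificate" profile to validate the smart-card certificate; that part is omitted above.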

1 comment:

  1. Hi,

     Is there a way to eliminate the smart-card prompt for users connecting to a group not configured for smart-card authentication?