Set Up SAML Logout

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.6
Creation date: 2022-09-29
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Configure SAML Logout for Cortex XSOAR. Create a SAML integration with a public/private key pair.

The SAML provider is a third-party user authentication provider that helps to manage users. When you log in, the provider checks whether you are a valid user. If you are authenticated, the provider assigns you a session ID that is valid for a period of time. The next time you log in, you do not need a password because the session from the previous login is still valid, even if you logged out of Cortex XSOAR. If you log out via SAML, the provider invalidates the session, and the next time you log in you need to enter a password.

To set up SAML logout, you need to create a SAML integration with a public/private key pair. You can:

  • Use a self-signed certificate.

  • Purchase a certificate from a third-party authority.

  1. (Optional) To use a self-signed certificate:

    1. Create the public/private key pair by running the following command:

      openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

      The following two files are created:

      • certificate.crt - Public key

      • privateKey.key - Private key (encrypted)

    2. For the Cortex XSOAR SAML integration, the private key needs to be unencrypted. Run the following command:

      openssl rsa -in privateKey.key -out private_unencrypted.key -outform PEM

      The following file is created: private_unencrypted.key - Private key (unencrypted)

  2. Go to Settings → Integrations → Instances.

  3. Search for SAML 2.0.

  4. Click Add instance to configure a new integration.

  5. In the Service Provider Entity ID field, enter the Cortex XSOAR SAML address.

  6. Click the Sign request and verify response signature option.

  7. From your identity provider, copy the content of the public certificate file and paste it into the IdP public certificate field of the Cortex XSOAR SAML instance.

  8. Copy the content of your private_unencrypted.key file and paste it into the IdP private key field.

  9. In your identity provider application:

    1. Select the Enable Single Logout option (if applicable).

    2. In the Signature certificate field, upload the certificate.crt file.

    3. Copy the IdP Single Logout URL.

  10. In the IdP Single Logout URL field of the SAML instance, paste the IdP Single Logout URL that you copied in the previous step.

  11. In the Single Logout Service Endpoint field, type the Cortex XSOAR SAML logout address.

    https://<xsoarServer>.com<port>/saml-logout

  12. Click Done.
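
Before pasting private_unencrypted.key into the instance and uploading certificate.crt to the identity provider, it is worth confirming that the key carries no passphrase, that it belongs to the certificate, and that the certificate has not expired. The script below is an added example, not part of the original guide; the helper name check_saml_keypair, the -subj value and the temporary directory are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: pre-flight check for the SAML signing key pair.
# check_saml_keypair is a hypothetical helper, not an XSOAR or OpenSSL command.
# Returns 0 ok, 1 unreadable/unparsable, 2 key encrypted, 3 mismatch, 4 expired.
check_saml_keypair() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read $cert or $key"; return 1; }

    # Passphrase-protected PEM keys announce it in their header lines.
    if grep -Eq '^-----BEGIN ENCRYPTED|^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "$key is passphrase-protected; the integration needs it unencrypted"
        return 2
    fi

    # Derive the public key from each file; they must be identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not belong to $cert"
        return 3
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "$cert has expired"
        return 4
    fi
    echo "OK: $key is unencrypted and matches $cert"
    openssl x509 -in "$cert" -noout -enddate
}

# Demo on a throwaway pair built with the two commands from step 1.
# -subj is added only so the run does not prompt; its value is constructed.
demo_dir=$(mktemp -d)
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
    -subj "/CN=xsoar.example.test" \
    -keyout "$demo_dir/privateKey.key" -out "$demo_dir/certificate.crt" 2>/dev/null
openssl rsa -in "$demo_dir/privateKey.key" \
    -out "$demo_dir/private_unencrypted.key" -outform PEM 2>/dev/null
check_saml_keypair "$demo_dir/certificate.crt" "$demo_dir/private_unencrypted.key"
rm -rf "$demo_dir"
```

Because step 1 uses -days 365, the printed notAfter date is the deadline for generating a new pair and repeating steps 8 and 9. Treat private_unencrypted.key as a secret: keep it readable only by the administrator and delete local copies once it is stored in the instance.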