End-of-Life (EoL)

Create Relying Party Trust in ADFS

SAML ADFS Setup
In ADFS, you need to create a Relying Party Trust. The following procedure uses ADFS 3.0 on Windows Server 2016 and shows demistodev.local as the ADFS portal service, which will allow a trust connection from the https://demo.demisto.com web server.
You must have a valid and trusted server certificate for ADFS to work, not the self-signed certificates that come with Cortex XSOAR. If you do not use a trusted server certificate for ADFS, you will experience TLS connection issues with ADFS and the integration will not work properly.
  1. Log in to the ADFS server management console.
  2. In the tree in the left panel, right-click Service and select Edit Federation Service Properties.
  3. Click the General tab and confirm that the DNS entries and certificate names are correct.
  4. In the tree in the left panel, right-click Relying Party Trusts and select Add Relying Party Trusts.
  5. The Add Relying Party Trust Wizard screen appears. Click Start.
  6. In the Select Data Source page, select Enter data about the relying party manually.
  7. Click Next.
  8. In the Specify Display Name page, type a display name for the trust in the Display name field. In this example, the name of the trust is Demisto.
  9. Click Next.
  10. (Optional) In the Configure Certificate page, you can configure the claims encryption.
  11. Click Next.
  12. In the Configure URL page, select Enable support for the SAML 2.0 Web SSO protocol, and enter the Cortex XSOAR server URL followed by /SAML.
  13. Click Next.
  14. In the Configure Identifiers page, add the Relying party trust identifier. The identifier can be a friendly name, the same as the Display name, or the application URL. This identifier is used to redirect the user back to the Cortex XSOAR web server instead of asking the user to manually choose which service should log in to the ADFS IDP portal.
  15. Click Next.
  16. In the Choose Access Control Policy page, select an access control policy for the authentication portal. In this example, we choose .
  17. Click Next.
  18. In the Ready to Add Trust page, verify that all the settings are correct.
  19. Click Next and then click Close.
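The same trust can be created and checked from PowerShell on the ADFS server. The script below is an added example, not part of the original procedure or the product's own tooling: it uses the page's example values (display name Demisto, https://demo.demisto.com, the /SAML endpoint), assumes the application URL is used as the identifier and that the endpoint uses the POST binding, and leaves the access control policy as a placeholder because the page does not name it.

```powershell
# Added example: scripted form of the wizard procedure above.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS
$ErrorActionPreference = 'Stop'

# Values taken from the page's example.
$trustName  = 'Demisto'                    # Specify Display Name page
$xsoarUrl   = 'https://demo.demisto.com'   # Cortex XSOAR web server
$identifier = $xsoarUrl                    # assumption: application URL as the identifier
$acsUrl     = "$xsoarUrl/SAML"             # server URL followed by /SAML

# Placeholder: the page does not name the policy chosen in the wizard.
# List the names available on this farm with:
#   Get-AdfsAccessControlPolicy | Select-Object Name
$policyName = '<ACCESS-CONTROL-POLICY-NAME>'

# Stop early if the policy is missing or the name/identifier is already taken.
if (-not (Get-AdfsAccessControlPolicy | Where-Object { $_.Name -eq $policyName })) {
    throw "Access control policy '$policyName' does not exist on this farm."
}
$clash = Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Name -eq $trustName -or $_.Identifier -contains $identifier }
if ($clash) {
    throw "A relying party trust already uses this name or identifier: $($clash.Name)"
}

# SAML 2.0 Web SSO endpoint (assumption: POST binding for the assertion consumer).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl

Add-AdfsRelyingPartyTrust -Name $trustName -Identifier $identifier `
    -SamlEndpoint $endpoint -AccessControlPolicyName $policyName

# Read the trust back and compare it with what was intended
# (the scripted equivalent of the Ready to Add Trust review).
$trust  = Get-AdfsRelyingPartyTrust -Name $trustName
$checks = [ordered]@{
    'Trust enabled'          = [bool]$trust.Enabled
    'Identifier registered'  = $trust.Identifier -contains $identifier
    'SAML endpoint is /SAML' = [bool]($trust.SamlEndpoints | Where-Object {
        "$($_.Protocol)" -eq 'SAMLAssertionConsumer' -and "$($_.Location)" -eq $acsUrl })
    'Access control policy'  = $trust.AccessControlPolicyName -eq $policyName
    'Endpoint uses HTTPS'    = $acsUrl -like 'https://*'
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-24} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISMATCH' })
}
if ($checks.Values -contains $false) { throw 'Relying party trust does not match the intended settings.' }
```

The optional claims encryption from the Configure Certificate page is not set here; if it is configured, `$trust.EncryptionCertificate` shows the certificate in use.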
