In ADFS you need to create a Relying Party Trust. The following procedure uses ADFS 3.0 on Windows Server 2016 and shows demistodev.local as the ADFS portal service, which will allow a trust connection from the https://demo.demisto.com web server.

You must have a valid and trusted server certificate for ADFS to work, not the self-signed certificates that come with Cortex XSOAR. If you do not use a trusted server certificate for ADFS, you will experience TLS connection issues with ADFS and the integration will not work properly.
1. Log in to the ADFS server management console.
2. In the tree in the left panel, right-click Service and select Edit Federation Service Properties.
3. Click the General tab and confirm that the DNS entries and certificate names are correct.
4. In the tree in the left panel, right-click Relying Party Trusts and select Add Relying Party Trusts. The Add Relying Party Trust Wizard screen appears.
5. Click Start.
6. In the Select Data Source page, select Enter data about the relying party manually. Click Next.
7. In the Specify Display Name page, type a display name for the trust in the Display name field. In this example, the name of the trust is Demisto. Click Next.
8. (Optional) In the Configure Certificate page, you can configure the claims encryption. Click Next.
9. In the Configure URL page, select Enable support for the SAML 2.0 Web SSO protocol, and enter the Cortex XSOAR server URL followed by /SAML. Click Next.
10. In the Configure Identifiers page, add the Relying party trust identifier. The identifier can be a friendly name, the same as the Display name, or the application URL. This identifier is used to redirect the user back to the Cortex XSOAR web server instead of asking the user to manually choose which service should log in to the ADFS IDP portal. Click Next.
11. In the Choose Access Control Policy page, select an access control policy for the authentication portal. In this example, we choose . Click Next.
12. In the Ready to Add Trust page, verify that all the settings are correct.
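The same trust created with the AD FS PowerShell module instead of the wizard, as an added example that is not part of the original procedure or of Cortex XSOAR's own documentation. It assumes the XSOAR URL, the trust name and the access control policy name shown in the variables, and it first checks that the ADFS service-communications certificate chains to a trusted root, which is the requirement stated at the top of this page.

```powershell
# Added example: create the relying party trust from the wizard steps above
# with the AD FS PowerShell module. Run on the ADFS server as an administrator.
# Assumed values: the XSOAR URL, the trust name and the access control policy.
Import-Module ADFS

$xsoarUrl   = 'https://demo.demisto.com'   # Cortex XSOAR web server (assumed)
$trustName  = 'Demisto'                    # Display name used in the wizard
$policyName = 'Permit everyone'            # Built-in policy (assumed); pick a stricter one in production

# Equivalent of checking the General tab: the service-communications certificate
# must chain to a trusted root. A self-signed or untrusted certificate breaks the
# TLS session between XSOAR and ADFS, which is the failure the text warns about.
$svcCert = (Get-AdfsCertificate -CertificateType 'Service-Communications').Certificate
if (-not $svcCert.Verify()) {
    throw "Service-Communications certificate for $((Get-AdfsProperties).HostName) is not trusted: $($svcCert.Subject)"
}

# Configure URL page: the SAML 2.0 Web SSO endpoint is the XSOAR URL followed by /SAML.
$acs = New-AdfsSamlEndpoint -Binding 'POST' `
                            -Protocol 'SAMLAssertionConsumer' `
                            -Uri "$xsoarUrl/SAML"

# Configure Identifiers and Choose Access Control Policy pages.
Add-AdfsRelyingPartyTrust -Name $trustName `
                          -Identifier $xsoarUrl `
                          -SamlEndpoint $acs `
                          -AccessControlPolicyName $policyName

# Ready to Add Trust page: review what was created.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName, SamlEndpoints
```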