Configuring CXO-COCKPIT to use SAML Authentication
Before configuring the Identity Provider to work with the CXO-COCKPIT Service Provider, first set up the SAML authentication settings in CXO-COCKPIT using the CXO-COCKPIT Configurator.
When the configuration of CXO-COCKPIT is finished we can add "CXO-COCKPIT" as a service provider to AD FS.
AD FS (Active Directory Federation Services) is a way to share secured login information across trusted platforms within your organization. Another benefit is that AD FS gives companies and organizations an identity federation solution for sharing identity information across many platforms in a more secure way.
Once you have followed the steps below, you can use your secure credentials to log in to CXO as well, and when you are finished, you can log off of all trusted sites.
Step by step tutorial of setting up AD FS Identity Provider to work with CXO-COCKPIT Service Provider
Before going through these steps, make sure you've configured CXO-COCKPIT to use SAML as the authentication provider (see Configurator → Settings) and that the SAML settings are specified (see Configurator → Maintenance → Authentication settings).
- Open AD FS Management tool
- Open Add Relying Party Trust Wizard
- Import data about the relying party published online or on a local network
- Choose a Display Name
- Choose "do not configure multi-factor authentication"
- Choose "Permit all users to access this relying party"
- Click Next
- Check the checkbox and click Close
- Specify the claims which should be sent to the relying party.
Note: At least the nameidentifier claim has to be sent to the relying party.
Troubleshooting AD FS
Troubleshooting Logout Issues
If a logout request fails on AD FS, you might see a screen like the one displayed below:
Open Event Viewer.
If you use the rsa-sha1 signature algorithm for signing logout requests, you have to adjust the secure hash algorithm for the service provider.
See the screenshot below for more details.
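The wizard steps and the secure hash algorithm check can also be scripted with the AD FS PowerShell module. The following is an added example, not part of the original CXO-COCKPIT documentation. It assumes AD FS 2016 or later, a placeholder metadata URL, and that the Windows account name is the value sent as the nameidentifier claim.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated session on the primary AD FS server (AD FS 2016 or later assumed).
Import-Module ADFS

# Placeholders, not taken from the original page: replace with your own values.
$RpName      = 'CXO-COCKPIT'
$MetadataUrl = 'https://cxo.example.invalid/PLACEHOLDER-metadata-path'
# Set to $true only if CXO-COCKPIT signs its logout requests with rsa-sha1.
$SpSignsWithSha1 = $false

# Assumption: the Windows account name is passed through as the nameidentifier claim.
$NameIdRule = @'
@RuleName = "Windows account name as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

# Create the relying party trust from the published metadata if it does not exist yet.
# 'Permit everyone' is the built-in policy matching "Permit all users" in the wizard.
if (-not (Get-AdfsRelyingPartyTrust -Name $RpName)) {
    Add-AdfsRelyingPartyTrust -Name $RpName -MetadataUrl $MetadataUrl `
        -AccessControlPolicyName 'Permit everyone' `
        -IssuanceTransformRules $NameIdRule
}

# The trust's secure hash algorithm must match what the service provider signs with,
# otherwise AD FS rejects signed logout requests.
$Sha1   = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
$Sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
$Wanted = if ($SpSignsWithSha1) { $Sha1 } else { $Sha256 }

$Trust = Get-AdfsRelyingPartyTrust -Name $RpName
if ($Trust.SignatureAlgorithm -ne $Wanted) {
    Write-Host "Changing signature algorithm from $($Trust.SignatureAlgorithm) to $Wanted"
    Set-AdfsRelyingPartyTrust -TargetName $RpName -SignatureAlgorithm $Wanted
}

# Show the resulting trust so the claim rule and hash algorithm can be reviewed.
Get-AdfsRelyingPartyTrust -Name $RpName |
    Select-Object Name, Identifier, Enabled, SignatureAlgorithm, IssuanceTransformRules |
    Format-List
```

Where the service provider can sign with rsa-sha256, leaving `$SpSignsWithSha1` at `$false` keeps the trust on SHA-256 rather than lowering it to SHA-1.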