
To set up Dome9 SSO with ADFS, perform the following steps:


1. On the Dome9 SSO settings page, set the account ID, issuer and endpoint URL with your FS.domain URL.

 

2. Use the following Service Provider Metadata XML. Make sure to update yourcompanyname to match the string configured in step 1.

If needed, update validUntil and cacheDuration.

<?xml version="1.0"?>  
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2017-09-03T06:43:37Z" cacheDuration="PT604800S" entityID="https://secure.dome9.com">
   <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
       <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
       <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://secure.dome9.com/sso/saml/<yourcompanyname>" index="1" />
   </md:SPSSODescriptor>
</md:EntityDescriptor>


3. In ADFS, configure the Relying Party by following these steps in the wizard:


 

Import the Service Provider Metadata XML from step 2.



Click Next until the end of the wizard:




Next, edit the Claim rules:

Click Add



Set the Get email rule and click Finish.


Click Add Rule again:



Follow these steps:


Click Finish
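
A pre-import check for the Service Provider metadata from step 2, added here as an example and not part of the original page or of Dome9 or ADFS tooling: it confirms that the file parses, that the yourcompanyname placeholder was replaced with the expected string, that validUntil has not passed, and that signed assertions are required. The company string acme, the function names and the sample dates are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ACS_BASE = "https://secure.dome9.com/sso/saml/"  # taken from the page's metadata

def build_metadata(location, valid_until):
    """Constructed sample: the page's metadata with two values filled in."""
    return (
        '<?xml version="1.0"?>'
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'validUntil="{valid_until}" cacheDuration="PT604800S" '
        'entityID="https://secure.dome9.com">'
        '<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" '
        'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>'
        f'<md:AssertionConsumerService Binding="{POST}" Location="{location}" index="1" />'
        '</md:SPSSODescriptor></md:EntityDescriptor>'
    )

def check_sp_metadata(xml_text, company, now=None):
    """Return a list of problems; an empty list means the file is ready to import."""
    now = now or datetime.now(timezone.utc)
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unreplaced <yourcompanyname> ends up here: a raw '<' inside an
        # attribute value is not well-formed XML.
        return [f"not well-formed XML: {exc}"]
    problems = []
    try:
        expiry = datetime.strptime(root.get("validUntil", ""), "%Y-%m-%dT%H:%M:%SZ")
        if expiry.replace(tzinfo=timezone.utc) <= now:
            problems.append("validUntil is in the past")
    except ValueError:
        problems.append("validUntil missing or not YYYY-MM-DDThh:mm:ssZ")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return problems + ["no md:SPSSODescriptor element"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned is not 'true'")
    acs = [a for a in sp.findall(MD + "AssertionConsumerService") if a.get("Binding") == POST]
    if not acs:
        problems.append("no HTTP-POST AssertionConsumerService")
    for a in acs:
        if a.get("Location") != ACS_BASE + company:
            problems.append(f"ACS Location does not match {ACS_BASE + company}")
    return problems
```

To check a real file, pass its contents and the string configured in step 1: `check_sp_metadata(open("sp-metadata.xml").read(), "acme")`, where the file name is a placeholder.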
