Single sign on via ADFS/SAML - Dell DSS - Security - Dell Community

Single sign on via ADFS/SAML

Security

Security
All things Dell Security related

Single sign on via ADFS/SAML

This question is not answered

Hello,

I was hoping someone could assist me getting SSO to work with our on-premises ADFS 4.0 installation. I have some information from Dell around the config:

When configuring Threat Defense with your IdP, you may need the following information (based on your region):

  • Sign-On URL/Assertion Consumer Service (ACS)/Entity ID:
  • App ID URI:

Note: The Threat Defense Console uses the user's email address as the User ID. Some IdP providers use a username as the User ID. In this case, you need to map the User ID to the email address in your IdP's settings.

When configuring an IdP (using SAML 2.0) in the Console, you need:

  • X.509 certificate
  • Login URL for the IdP

 

To create a custom authentication:

  1. Log in to the Threat Defense Console.
  2. Select Settings > Application.
  3. Select Custom Authentication. By default, Allow Password Login is selected. This allows users to login with a username and password while you configure your SSO. It is recommended to keep this setting enabled until your testing is complete.
  4. For Provider, select Custom.
  5. Type or paste your X.509 information in the certificate field.
  6. Type or paste the Login URL for your IdP.
  7. Click Save.

I have configured everything and made claim rules to send the data as 'User ID' as specified but it does not seem to work. I can provide saml traces or additional data if required. Does anyone have this working, or know exactly what attributes/data the server requires for a successful login?

Many thanks for any assistance.

Daniel

All Replies
  • Hi Daniel,

    From your post I did some research and it looks as if the configuration described is not supported.  In the documentation linked below on page 76 there is a note that sates "Custom Authentication does not support Active Directory Federation Services (ADFS).".  

    downloads.dell.com/.../dell-data-protection-threat-defense_administrator guide10_en-us.pdf

    I have sent out an e-mail to my team to see if we've had any success and what those configurations might look like.  I'll update the thread if I hear any good news back.

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • Hi Stephen,

    Thanks for your reply, you are right I didn't see that line :(

    That's a bummer. ADFS can work with SAML so I'm surprised that it isn't supported. We aren't using a 3rd party identity management solution and might not be for some time. Would be nice to SSO it if possible.

    Kind regards,

    Daniel