Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Could use some help with Azure SSO for community edition Cortex XSOAR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Could use some help with Azure SSO for community edition Cortex XSOAR

L1 Bithead

Hello,

 

I have tried many settings and can't seem to quite figure out what text is to be entered into the setup section within Xsoar for the Azure SAML SSO setup. I keep getting this error: 

 

" {"id":"errSAMLLogin","status":400,"title":"Failed to login via SAML","detail":"Failed to login via SAML","error":"","encrypted":false,"multires":null} "

 

I have tried many different names and mappings to Azure. Any insight as to what the entry should look like on the Xsoar side would be greatly appreciated.

DriveYourAceOff_0-1651006685822.png

 

This is what I have currently made my entries in Azure to be, and have used the claim name in Xsoar and am still getting the error.

 

Thank you,

 

Richard

 

15 REPLIES 15

L5 Sessionator

Hi Richard,

 

Your claim details don't look right for Azure. They should look like this. 

original.png

Take a look at this documentation - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/users-and-roles/authent...

 

Thank you very much for the reply, I have never removed the schema before and have tried it both ways. I have re-added the schema back and still get the same error. I think what I am in need of is what the entry should look like on xsoar side of things. I got the removal of the schema line by looking at the example above in the link that you gave me. 

 

Here is a screen shot of my saml response with the schemas being sent to xsoar:

DriveYourAceOff_0-1651072195683.png

 

Any other ideas would be greatly welcomed.

 

Richard

can you share a screenshot of your integration settings as well please

My current settings: 

DriveYourAceOff_0-1651078721415.png

 

If you want to see all of the settings, please let me know. I can take additional screen shots.

 

Yes please

DriveYourAceOff_0-1651079991244.png

 

DriveYourAceOff_1-1651080032092.png

 

DriveYourAceOff_2-1651080083697.png

 

 

DriveYourAceOff_3-1651080157639.png

 

Thank you again for assisting.

 

Richard

 

 

L5 Sessionator

Hi @DriveYourAceOff, it should looks like this.

 

Screen Shot 2022-04-28 at 2.47.56 pm.png

 

Also the last option should look like this. According to the documentation - 

 

"In the Service Identifier (ADFS) field, copy the characters after the appid value, which can be found at the end of the App Federation Metadata URL (section 3 in SAML Certificate)."

Screen Shot 2022-04-28 at 2.50.56 pm.png

Let me know if this works for your. 

 

Thanks, Jeremy.

Is there any way that you can tell me what the fields say at the end of the attributes you used.

Thanks again, I am still getting the same error however. Here are my new settings, and I believe that they are correct. I am thinking that I may start fresh and try again, but here are my newest settings:

 

DriveYourAceOff_0-1651176452361.png

I se the appid section and copied that value to put in below:

 

DriveYourAceOff_1-1651176538004.png

The only field in question is the group field. I feel like that may be wrong as there are several different ways to make the group throughout the instructions. I have used the below method, and it does look like it is getting the correct group from Azure in the saml response xml.

DriveYourAceOff_2-1651176735294.png

 

 

Thanks again for the help!

 

Richard

Hi Richard,

 

 

I'm not sure about the iDP Metadata URL. You can copy then from the below 

Screen Shot 2022-04-29 at 1.29.46 pm.png

 

Attribute to get group should be set in a similar way.

Screen Shot 2022-04-29 at 1.33.41 pm.png

Thanks, Jeremy

 

L0 Member

In Cortex XSOAR, go to Settings > Integrations > Credentials and create a new credentials set.In the Username parameter, enter your registered app Application D.In the Password parameter, enter the secret value you created.Copy your tenant ID for the integration configuration usage.

I updated the group to include the namespace, but am still getting the same error.

Can you please send me the link to this documentation in xsoar so that I can follow it, this makes sense but I want to make sure that I get the values from the correct places. There is no secret with an Enterprise Application in Azure, so that is where I am getting a little bit lost. 

 

Thanks!

L5 Sessionator
  • 7973 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!