How do I configure Artifactory SAML SSO with ADFS?

Please use our Wiki - SAML SSO Integration to configure your Artifactory to use ADFS Single-sign-on(SSO). In addition, you may refer to the Sample Walk-Through that we created to configure ADFS 3.0 with Artifactory. Please note that you may have some differences if you are using ADFS 2.0.



1.     Open the AD FS Management Console.

2.     In the tree browser on the left, Navigate to "Trust Relationships" → "Relying Party Trusts".

3.     Click on "Add Relying Party Trust" (Under the "Actions" window on the right side of the console).

4.     In the "Add relying Party Trust Wizard" dialog, click "Start".

5.     Select "Enter data about the relying party manually" and click "Next".

6.     Choose any "Display name" and click "Next".

7.     Choose "AD FS profile" and click "Next".

8.     Click "Next".

9.     Choose "Enable support for the SAML 2.0 WebSSO protocol" and in the URL textbox fill in: "https://{ARTIFACTORY_URL}/webapp/saml/loginResponse" and click "Next". (Example of {ARTIFACTORY_URL}: or https://yourcompany.local:8443/artifactory )

10.   In the "Relying party trust identifier" textbox fill in: "https://{ARTIFACTORY_URL}" and click "Add", click "Next".

11.   Choose "I do not want to configure multi-factor authentication settings..." and click "Next".

12.   Choose "Permit all users to access this relying party" and click "Next".

13.   Click "Next".

14.   Choose "Open the Edit Claim Rules dialog..." and click "Close".

15.   In the "Edit Claim Rules for Name" dialog, click on "Add Rule..."

16.   In the "Claim rule template" dropbox, choose "Send LDAP attributes as claims" and click "Next".

17.   Fill in any "Claim rules name" and in the "Attribute store" dropbox choose "Active Directory".

18.   In the "Mapping of LDAP attributes..." section, in the "LDAP attribute" choose "SAM-Account-Name" or "Email Address". In the "Outgoing claim type" dropbox choose "Name ID" and click "Finish".

19.   Click "OK".


In your Artifactory UI, log in as your "admin" user and navigate in the "Admin" tab to the "SAML Integration" section and perform the following steps:


1.     Check the "Enable SAML Integration checkbox.

2.     In the "SAML Login URL" textbox fill in: "https://{ADFS_SERVER_URL}/adfs/ls/IdpInitiatedSignOn.aspx"

3.     In the "SAML Logout URL" textbox fill in: "https://{ADFS_SERVER_URL}/adfs/ls?logout"

4.     In the "SAML Service Provider Name" textbox fill in: "https://{ARTIFACTORY_URL}"

5.     In the "SAML Certificate" textbox, paste in you x509 SAML certificate that was generated in your ADFS server (See screenshot below)

6.     Click "Save".

7.     Navigate to the "General" section under "Configuration" (left tree browser) and in the "Custom URL Base" textbox fill in: "https://{ARTIFACTORY_URL}" and click "Save".

8.     Logout Artifactory UI and then try to log in using "SSO Login".