| License Type | SaaS & On-Premise |
| Main Product Category | Contrast UI |
| Sub Category | Authentication |
Note: This only applies to EOP versions before 3.6.11. Recent versions of the Teamserver utilize the x509 found within the SAML metadata.
Question
When configuring SSO with ADFS, Contrast requires me to provide a .pem file. How do I obtain this?
Answer
The .pem file comes from your ADFS server. You can obtain it by following these steps:
- Log into the ADFS server and open the management console.
- Right-click Service -> Edit Federation Service Properties.
- Confirm the settings in the General tab match your DNS and cert names
- Next, browse to the certificates and export the Token-Signing certificate.
- Right-click the certificate and select View Certificate.
- Under the Details tab, click Copy to File.
- In the Certificate Export Wizard opens, select Next.
- Ensure the No, do not export the private key option is selected, and then click Next.
- Select DER encoded binary X.509 (.cer), and then click Next.
- Select where you want to save the file and give it a name, and then click Next.
- Select Finish.
- As the certificate is required to be in PEM format, you will need to convert this certificate using client or even online tools. For example, this can be done with the following openssl command: openssl x509 -inform der -in certificate.cer -out certificate.pem