Merge pull request #99 from brunoebernardi/patch-1

Update 06.adfs.md

docs/08.integration/06.adfs/06.adfs.md

@@ -107,3 +107,51 @@ Please see the [Users and Roles](/configuration/users#mapping-groups-to-roles-an
 1. ADFS SamlResponseSignature needs to be either MessageOnly or MessageAndAssertion.  Use Get-AdfsRelyingPartyTrust command to verify or update it.
 
 ![adfsTroubleshooting](nv_adfs2.png)
+
+
+2. Time synchronization between Kubernetes Nodes x ADFS Server
+
+For a successful authentication, the time between the Kubernetess nodes and the ADFS server needs to be the same to avoid time sync or clock drift issues. 
+
+It's recommended to use an [NTP server](https://en.wikipedia.org/wiki/Network_Time_Protocol), with equal time settings across all servers. 
+
+Please check and confirm that both ADFS and NeuVector hosts are synchronized and the potential delays do not exceed more than 10 seconds. You can use Linux and Windows commands to check dates, times and NTP server activity.
+
+:::tip
+You can reload the auth times by disabling and enabling again the config in the NeuVector UI as follows:
+
+- Log in to NeuVector with Admin User 
+- Go to Settings 
+- Click on the button to disable and enable the SAML setting
+  - **Make sure to keep the configuration settings!**
+
+Once the setting has been re-enabled, you can try to log in with an ADFS user. If it works, this confirms the issue was due to a time synchronization error between Kubernetes nodes and the ADFS Server. 
+:::
+
+
+3. SAML characters must be case sensitive in NeuVector UI
+
+Attribute names are case sensitive. Make sure any SAML attribute name configured here is an exact match to the application configuration. SAML must point to the correct URL to authenticate. 
+
+All the fields in `NeuVector UI -> Settings -> SAML Settings` are case-sensitive.
+
+The NeuVector controller logs contain the relevant information about authentication with the ADFS server and errors that will help identify the root cause. We recommended recreate the failed login condition and check the logs.
+
+4. Make sure to enter the correct groups, certificates and protocols
+
+The SAML settings need to match the following configuration:
+
+| Setting | Value |
+| ------- | ----- |
+| Identify Provider Single Sign-On URL | Requires HTTPS protocol |
+| Identity Provider Issuer | Requires HTTP protocol |
+| ADFS SamlResponseSignature | Needs to be either MessageOnly or MessageAndAssertion |
+
+:::warning attention
+These settings need to be validated on your ADFS server and in the NeuVector UI.
+:::
+
+The selected certificate needs to be valid and correctly generated, including its `CA Root` and `Intermediate Certificates`. You can generate them using your trusted certificate authority, Windows or an automation tool such as [LetsEncrypt](https://letsencrypt.org/).
+
+If any of these parameters are incorrect, you will receive an `Authentication Failed` error when you try to log in to NeuVector with an ADFS user using SAML authentication.
+