Step 0: Preparation

Before starting the SSO configuration tasks, make sure the following are ready:

  • You have the ALM site administration privilege to access the SSO Configuration Tool.
  • IdP is available to register ALM as its SAML SP.
  • You have already obtained a certificate (or a keystore file to store the certificate) that is used for ALM to sign SAML2 and OAuth token.

    The keystore file will be uploaded to SSO Configuration Tool.

  • HTTPS communication between IdP and ALM/ALM's reverse proxy is enabled and works normally.

  • Add the IdP SSL certificate and ALM server/ALM's reverse proxy SSL certificate to ALM's JVM trusted key store.
  • If ALM is deployed in a cluster environment, make sure the system time on all ALM nodes and on users' IdP servers are synchronized as closely as possible. The systems on these servers can be configured to use a network time synchronization protocol such as the Network Time Protocol (NTP). If the time on any ALM node is different from the time on the IdP server, the authentication fails.

  • If ALM is deployed in a cluster environment, only one node is running in the load balance.


Next steps: