Consider the following before starting the SSO configuration tasks:
|Site administration privilege||You must have the ALM site administration privilege to access the SSO Configuration Tool.|
|IdP||An identity provider (IdP) is available on which ALM can be registered as a service provider (SP).|
|Certificate||You have already obtained a certificate (or a keystore file that holds the certificate and its private key) that ALM uses to sign SAML2 and OAuth tokens. You upload the keystore file during the SSO configuration process.|
|HTTPS||HTTPS communication between the IdP and the ALM server (or the proxy or load balancer in front of it, if any) is enabled and working.|
|Time synchronization||If ALM is deployed in a cluster environment, make sure the system time on all ALM nodes and on the IdP servers is synchronized as closely as possible, for example by configuring each server to use a network time synchronization protocol such as the Network Time Protocol (NTP). A SAML assertion is only valid within the time window the IdP states in it, so if the clock on any ALM node differs from the IdP server's clock by more than the tolerated skew, authentication fails.|
|Node running in load balancer||If ALM is deployed in a cluster environment, make sure only one node is running behind the load balancer while you carry out the SSO configuration.|
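The time synchronization requirement above is a consequence of how SAML assertions are validated. The following script is an added example (it is not part of the ALM documentation and does not reproduce ALM's own validation code): it parses the Conditions element of a constructed SAML 2.0 assertion, applies the standard rule that the assertion is valid only while NotBefore <= now < NotOnOrAfter (with an assumed 60-second skew tolerance, which is not ALM's documented value), and then shows which nodes of a constructed two-node cluster would reject the same assertion because their clocks drifted from the IdP's. The hostnames and the helper `utc()` are placeholders for the example.

```python
"""Added example: why ALM nodes and the IdP must share the same clock.

A SAML 2.0 assertion carries <Conditions NotBefore=... NotOnOrAfter=...>.
A service provider whose own clock lies outside that window (beyond its
skew tolerance) rejects the assertion, and the SSO login fails. The
assertion, cluster readings and 60-second tolerance below are constructed
for this example and are not ALM's.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not captured from a real IdP); only the
# Conditions element matters for this check. Hostnames are placeholders.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_example" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://alm.example.test/qcbin</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def utc(year, month, day, hour, minute, second=0):
    """Helper for the example: build a timezone-aware UTC datetime."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_saml_instant(value):
    """Parse a SAML xs:dateTime (UTC, normally with a trailing 'Z') into an aware datetime."""
    text = value.strip()
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"          # older fromisoformat() rejects a bare 'Z'
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:                # SAML instants are UTC; treat naive values as such
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def validity_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions element."""
    root = ET.fromstring(assertion_xml)
    conditions = root.find(f"{{{SAML_NS}}}Conditions")
    if conditions is None or not (conditions.get("NotBefore") and conditions.get("NotOnOrAfter")):
        raise ValueError("assertion lacks a Conditions element with NotBefore/NotOnOrAfter")
    return (parse_saml_instant(conditions.get("NotBefore")),
            parse_saml_instant(conditions.get("NotOnOrAfter")))


def check_assertion_time(assertion_xml, sp_now, skew_seconds=60):
    """Apply the SAML rule (valid iff NotBefore <= now < NotOnOrAfter) with a skew tolerance.

    sp_now is the service provider's own clock, which is exactly what drifts
    when an ALM node is not time-synchronized. Returns (accepted, reason).
    """
    skew = timedelta(seconds=skew_seconds)
    not_before, not_on_or_after = validity_window(assertion_xml)
    if sp_now + skew < not_before:
        return False, f"SP clock is {not_before - sp_now} behind NotBefore (node clock slow?)"
    if sp_now - skew >= not_on_or_after:
        return False, f"SP clock is {sp_now - not_on_or_after} past NotOnOrAfter (node clock fast?)"
    return True, "within validity window"


def nodes_out_of_sync(node_clocks, idp_clock, skew_seconds=60):
    """Given each node's clock reading taken at the same instant as idp_clock,
    return the names of nodes whose offset from the IdP exceeds the tolerance."""
    skew = timedelta(seconds=skew_seconds)
    return sorted(name for name, clock in node_clocks.items() if abs(clock - idp_clock) > skew)


if __name__ == "__main__":
    idp_time = utc(2024, 5, 1, 12, 2, 0)
    # Constructed cluster readings: node2 runs five minutes fast.
    cluster = {
        "alm-node1": idp_time + timedelta(seconds=3),
        "alm-node2": idp_time + timedelta(minutes=5),
    }
    for node, clock in cluster.items():
        accepted, reason = check_assertion_time(SAMPLE_ASSERTION, clock)
        print(f"{node}: {'OK' if accepted else 'REJECTED'} ({reason})")
    print("out of sync:", nodes_out_of_sync(cluster, idp_time))
```

The same assertion is accepted by the synchronized node and rejected by the one whose clock is five minutes fast, which is the failure mode the prerequisite warns about; in a real cluster the user sees it as intermittent login failures depending on which node the load balancer picks.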
Prepare the following certificates. The table explains the different types of certificates:
|IdP SAML certificate||ALM does not import the IdP SAML certificate separately. ALM only requires the IdP metadata, which contains the IdP certificates.|
|IdP SSL certificate||Import it into the JVM keystore (the truststore, for example the cacerts file) of the JRE on which ALM runs, so that ALM trusts the IdP's HTTPS endpoint.|
|ALM SAML certificate||This is the certificate from the keystore you prepared. ALM uses it to sign the SAML requests it sends to IdPs and to decrypt the SAML responses it receives from them. Provide the certificate in Service Provider Settings > SSO Certificate of the SSO configuration wizard. For details, see SSO Certificate.|
|ALM (or ALM proxy) SSL certificate||Import it into the JVM keystore of the JRE on which ALM runs as well.|