Preparation

Consider the following before starting the SSO configuration tasks:

Item	Description
Site administration privilege	You should have the ALM site administration privilege to access the SSO Configuration Tool.
IdP	An identity provider (IdP) is available to register ALM as its service provider (SP).
Certificate	You have already obtained a certificate (or a keystore file to store the certificate) that is used for ALM to sign SAML2 and OAuth tokens. The keystore file is uploaded during the SSO configuration process.
HTTPs	The HTTPs communication between the IdP and the ALM server (the proxy or load balancer, if any) is enabled and works.
Certificates	Prepare the following certificates: IdP SSL certificate ALM SAML certificate SSL certificate of the proxy or load balancer that is set up for the ALM server
System time	If ALM is deployed in a cluster environment, make sure the system time on all ALM nodes and on IdP servers is synchronized as closely as possible. The systems on these servers can be configured to use a network time synchronization protocol such as the Network Time Protocol (NTP). If the time on any ALM node is different from the time on the IdP server, the authentication fails.
Node running in load balancer	If ALM is deployed in a cluster environment, make sure only one node is running in the load balancer.

FAQ

Q： We get confused with the IdP certificate, SAML certificate, and HTTPS certificate etc. What certificates are required in ALM SSO configuration and what certificates are used when ALM communicates with IdPs?

A: The following table explains the different types of certificates:

Certificate	Description
IdP SAML certificate	ALM does not import the IdP SAML certificate. ALM only requires the IdP metadata in which the IdP certificates are contained.
IdP SSL certificate	It should be imported into the JVM keystore on which ALM runs.
ALM SAML certificate	It is used to encrypt and decrypt the SAML requests and responses between ALM and IdPs. Provide the certificate in Service Provider Settings > SSO Certificate of the SSO configuration wizard. For details, see SSO Certificate.
ALM/ALM's proxy SSL certificate	It should be imported into the JVM keystore on which ALM runs.

Next steps:

Configure service provider

Explore

Help Center Home

More ADM Help Centers

Download Help Center

Connect

Education Services

Contact

Send Help Center Feedback

Send Help Center Feedback

Let us know how we can improve your Help Center experience.

Send your email to: admdocteam@opentext.com

Last updated July 26, 2024

Terms of Use | Privacy

© 2024 Open Text