Configure service provider

Prerequisite: Preparation.

This section describes how to configure the ALM service provider (SP) by completing the Service Provider Settings step.

After completing this step, you can find the SP configuration file in the following ALM repository: {ALM repository}\sa\DomsInfo\osp\basic.properties.

Properties

In the Service Provider Settings > Properties tab, complete the following configurations:

Field (* Required) Description
*Service Provider Host Name
  • If no proxy or load balancer is used, keep the SP host name the same as the ALM server domain name, because SP is by default deployed on the ALM server.

  • If a proxy or load balancer is already set for the ALM server, enter the domain name of the proxy or load balancer.

*Service Provider Port
  • If no proxy or load balancer is used, keep the SP port number the same as the ALM server port number.
  • If a proxy or load balancer is already set for the ALM server, enter the port number of the proxy or load balancer. You can find the port number in the server log. For details about how to see SSO logs, see FAQ.
*Service Provider Https Enabled
  • If no proxy or load balancer is used, enable HTTPS for SP if the ALM server enables HTTPS, and disable HTTPS for SP if the ALM server disables HTTPS.

  • If a proxy or load balancer node is already set for the ALM server, enable HTTPS for SP if the proxy or load balancer enables HTTPS, and disable HTTPS for SP if the proxy or load balancer disables HTTPS.

*Enable Local Authentication

This option controls whether or not ALM users that are set as local users can log in to ALM locally when ALM runs in SSO mode.

  • No. When ALM runs in SSO mode, ALM does not support local authentication. Only users with real IdP IDs can access ALM.
  • Yes. When ALM runs in SSO mode, ALM also supports local authentication. Both local users and users with real IdP IDs can access ALM.

For details about configuring a user's IdP ID and identity key, see Update user details.

Note: The My Profile tab provides a shortcut to configure your IdP ID and identity key. See Set up your profile.

*SSO Token Secret

The SSO token secret is a credential that the ALM SP grants to ALM. Its value should be reserved in the ALM SP in advance.

ALM must carry this credential when it sends requests to its SP for SSO token generation.

SSO Certificate

The SSO certificate is used to encrypt and decrypt the SAML requests and responses between ALM SP and IdPs.

Overview

You can provide the certificate either by uploading the keystore file or by entering the certificate information manually. After uploading the certificate, you can view its details or upload a different certificate.

Note: For details about how to create a SAML certificate for ALM, see FAQ.

Upload a keystore file

To provide your certificate by uploading a keystore file:

  1. Open Service Provider Settings > SSO Certificate.
  2. In the Certificate Submission Type field, select Upload Keystore File.
  3. In the Choose File to Upload field, select the keystore file that contains the certificate.

    Make sure the certificate in the keystore file contains both the private key and the public key.

    The following table lists the supported keystore types and the corresponding supported keystore file extensions.

    Supported keystore types    Supported file extensions
    JKS                         .jks, .ks
    JCEKS                       .jce
    PKCS12                      .p12, .pfx

  4. Enter the keystore and key password.
  5. Enter the alias of the certificate that is used in the keystore file.
  6. Click Save.
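
A pre-upload check for the procedure above, added here as an example and not part of the ALM product or its documentation: it confirms that the file extension maps to a supported keystore type and that the chosen alias holds a private key, not only a certificate. It assumes a POSIX shell, the JDK keytool on PATH with English output, and the keystore password in the KS_PASS environment variable; the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): pre-upload check for an ALM SSO keystore.
# Assumes JDK keytool on PATH, English keytool output, password in $KS_PASS.

# Map a file name to its keystore type, per the supported-extensions table.
storetype_for() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    *.jks|*.ks)  echo JKS ;;
    *.jce)       echo JCEKS ;;
    *.p12|*.pfx) echo PKCS12 ;;
    *)           return 1 ;;
  esac
}

# Read "keytool -list -v" output on stdin; succeed only when the entry
# carries a private key (PrivateKeyEntry) and not just a certificate.
has_private_key() {
  grep -q '^Entry type: PrivateKeyEntry'
}

# Usage: KS_PASS=... check_keystore <keystore file> <alias>
# -storepass:env keeps the password off the command line and process list.
check_keystore() {
  ks=$1; entry=$2
  stype=$(storetype_for "$ks") || { echo "unsupported extension: $ks" >&2; return 2; }
  out=$(keytool -list -v -keystore "$ks" -storetype "$stype" \
        -storepass:env KS_PASS -alias "$entry") ||
    { echo "cannot open keystore or alias not found: $entry" >&2; return 3; }
  printf '%s\n' "$out" | has_private_key ||
    { echo "alias $entry holds no private key" >&2; return 4; }
  printf '%s\n' "$out" | grep '^Valid from:' | head -n 1   # leaf cert validity
}

# Constructed keytool output, used to exercise has_private_key offline.
SAMPLE_KEYPAIR='Alias name: almsso
Entry type: PrivateKeyEntry
Certificate chain length: 1
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Jan 01 00:00:00 UTC 2026'
SAMPLE_CERT_ONLY='Alias name: almsso
Entry type: trustedCertEntry
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Jan 01 00:00:00 UTC 2026'

if [ "$#" -ge 2 ]; then check_keystore "$1" "$2"; fi
```

A trustedCertEntry alias contains only the public certificate, so a keystore exported that way fails this check before it reaches the wizard.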

Enter certificate information manually

To provide your certificate by entering the certificate information manually:

  1. Click Service Provider Settings > SSO Certificate.
  2. In the Certificate Submission Type field, select Manually Enter.
  3. Enter the keystore and certificate passwords, certificate chain, and private key.
  4. Click Save.

Upload a different certificate

After uploading the certificate, you can view its details or upload a different certificate.

The SSO Certificate tab displays the alias and expiration date of the certificate. To view more details, click the View Certificate link.

To upload a different certificate:

  1. Delete the current certificate.

    Delete certificate using the wizard

    To delete the current certificate using the SSO Configuration wizard:

    1. In the Service Provider Settings > SSO Certificate tab, click Delete.

    2. In the Delete Certificate dialog box, provide the keystore and certificate passwords, and click Delete.

    3. Refresh the page.

    Delete certificate from the ALM repository

    Delete the current certificate from the following directory:

    {ALM Deploy Directory}\ALM\repository\sa\DomsInfo\osp\.

  2. Upload the new certificate.
  3. Restart the ALM server. If ALM is deployed in a cluster environment, restart every node.
  4. If you have shared ALM SP metadata with your IdP, obtain the updated SP metadata and share it with your IdP again.
