Preparation
Consider the following before starting the SSO configuration tasks:
Item | Description |
---|---|
Site administration privilege | You should have the site administration privilege to access the SSO Configuration Tool. |
IdP | An identity provider (IdP) is available to register OpenText Application Quality Management as its service provider (SP). |
Certificate | You have already obtained a certificate (or a keystore file to store the certificate) that is used to sign SAML2 and OAuth tokens. The keystore file is uploaded during the SSO configuration process. |
HTTPS | HTTPS communication between the IdP and the OpenText Application Quality Management server (or the proxy or load balancer, if any) is enabled and works. |
Certificates | Prepare the following certificates: |
System time | If OpenText Application Quality Management is deployed in a cluster environment, make sure the system time on all nodes and on IdP servers is synchronized as closely as possible. The systems on these servers can be configured to use a network time synchronization protocol such as the Network Time Protocol (NTP). If the time on any ALM node is different from the time on the IdP server, the authentication fails. |
Node running in load balancer | If OpenText Application Quality Management is deployed in a cluster environment, make sure only one node is running in the load balancer. |
FAQ
Q: We are confused by the IdP certificate, SAML certificate, HTTPS certificate, and so on. Which certificates are required in SSO configuration, and which certificates are used when communicating with IdPs?
A: The following table explains the different types of certificates:
Certificate | Description |
---|---|
IdP SAML certificate | OpenText Application Quality Management does not import the IdP SAML certificate. Only the IdP metadata is required in which the IdP certificates are contained. |
IdP SSL certificate | It should be imported into the JVM keystore on which OpenText Application Quality Management runs. |
OpenText Application Quality Management SAML certificate | It is used to encrypt and decrypt the SAML requests and responses between OpenText Application Quality Management and IdPs. Provide the certificate in Service Provider Settings > SSO Certificate of the SSO configuration wizard. For details, see SSO Certificate. |
ALM/ALM's proxy SSL certificate | It should be imported into the JVM keystore on which OpenText Application Quality Management runs. |
Next steps: