Configuring the BMC Helix SSO server as a SAML service provider

If you plan to use SAML authentication for configuring your realms, you need to configure BMC Helix SSO as a SAML service provider. 

To configure the BMC Helix SSO server as a SAML service provider

  1. In the BMC Helix SSO Admin Console, click General > Advanced.
  2. In the SAML Service Provider section, complete the following fields:

    SP Entity ID

    The entity ID of the service provider (SP). You can specify any value for SP Entity ID, for example rsso_sp_hostname. The BMC Helix SSO server name is used as the SP identifier in the Relying Party Trust configured on the Identity Provider (IdP) side.

    External URL

    The external URL of the service provider. It is the URL of the BMC Helix SSO server.

    Note: The URL must be HTTPS only.

    Keystore File

    The path to the keystore file on the BMC Helix SSO server file system, including the keystore file name.

    The keystore file contains all the required certificates. If you are using a PKCS12 keystore file, the file extension must be .p12.

    If the keystore file is available in the tomcat/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file, where tomcat is the Tomcat path. Otherwise, use the absolute file path.

    Keystore Password

    The keystore file password. The keypair and keystore password must be the same.

    Signing Key Alias

    The alias name(s) of the signing key(s) in the keystore file. 

    Encryption Key Alias

    The alias name(s) of the encryption key(s) used to encrypt the SAML assertions from the IdP. 

    For information about how to decrypt SAML assertions, see Configuring advanced functions for SAML authentication.

  3. Click Save.
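
The following pre-flight check is an added example, not BMC code: it validates the values described above (HTTPS-only External URL, keystore path resolution, and the .p12 extension rule for PKCS12) before they are entered in the Admin Console. The function names, the `settings` dictionary keys, and the `tomcat_home` argument are assumptions made for this example; alias and password checks are not covered because they require opening the keystore.

```python
import os
from urllib.parse import urlparse

# Folder named on the page, relative to the Tomcat path.
CLASSES_SUBDIR = os.path.join("rsso", "webapp", "WEB-INF", "classes")
JKS_MAGIC = bytes.fromhex("feedfeed")    # legacy Java keystore header
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS keystore header

def resolve_keystore(value, tomcat_home):
    """A bare file name is looked up in the Tomcat classes folder; anything else is used as given."""
    if os.path.basename(value) == value:
        return os.path.join(tomcat_home, CLASSES_SUBDIR, value)
    return value

def keystore_type(path):
    """Classify by leading bytes: JKS/JCEKS magic, or a DER SEQUENCE tag (0x30) for PKCS12."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == JKS_MAGIC:
        return "JKS"
    if head == JCEKS_MAGIC:
        return "JCEKS"
    return "PKCS12" if head[:1] == b"\x30" else "unknown"

def preflight(settings, tomcat_home):
    """Return a list of problems; an empty list means the values pass these checks."""
    problems = []
    if not settings.get("sp_entity_id", "").strip():
        problems.append("SP Entity ID is empty")
    url = urlparse(settings.get("external_url", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("External URL must be an HTTPS URL")
    path = resolve_keystore(settings.get("keystore_file", ""), tomcat_home)
    if not os.path.isabs(path):
        problems.append("Keystore File must be a bare file name or an absolute path")
    elif not os.path.isfile(path):
        problems.append(f"Keystore file not found: {path}")
    else:
        if keystore_type(path) == "PKCS12" and not path.lower().endswith(".p12"):
            problems.append("PKCS12 keystore must use the .p12 extension")
        # Added hardening check (not a requirement stated on the page):
        # the keystore holds private keys, so other users should have no access.
        if os.stat(path).st_mode & 0o007:
            problems.append("Keystore file is accessible to other users")
    return problems
```

Call `preflight()` with the values you intend to enter and the Tomcat path of the BMC Helix SSO server, and resolve every reported problem before clicking Save.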
