This documentation supports the 19.02 version of Remedy Single Sign-On.

Integrating IdP with Remedy SSO for SAML IdP initiated login

Starting from version 9.1.02, Remedy Single Sign-On (Remedy SSO) supports SAML Identity Provider (IdP) initiated login.

To activate the IdP initiated login, perform the following steps:

  1. Configure SAMLv2 authentication on the Remedy SSO server. For more information on configuring SAMLv2 authentication, see Configuring Remedy SSO to authenticate users with SAMLv2.
  2. Configure Relying Party Trust on the IdP.
  3. Configure claim rules.
  4. Configure Remedy SSO to provide the service URL.

Configuring Relying Party Trust on the IdP

This is the second step that you must perform to support the IdP initiated login. The following procedure uses AD FS as the IdP.

Before you begin

  • Ensure that the required certificates are imported in the AD FS Trusted Root Certificate Authorities folder. For more information, see Importing certificates.
  • Ensure that you have the following information:

      • Relying Party Trust URL: URL of the Relying Party Trust, which is the Remedy SSO server. Use the following format:

        https://<rssoServer>:<port>/rsso/receiver/<rssoRealmValue>?RelayState=<appURL>

        where:

          • rssoServer: URL of the Remedy SSO server.
          • port: Port of the Remedy SSO server.
          • rssoRealmValue: Realm name of the protected service that the user selects.
          • appURL: URL of the protected service.

        If you have only the default realm on the Remedy SSO server, use the following format:

        https://<rssoServer>:<port>/rsso/receiver/?RelayState=<appURL>

      • Display name: Name of the Relying Party Trust that the IdP displays in the menu for users.
      • Notes: Appropriate description for the Relying Party Trust.
      • Token encryption certificate: Certificate that the IdP uses to encrypt the claims that are sent to the relying party trust. The encryption certificate is required only if you need the response from the Relying Party Trust to be encrypted.
      • Relying party trust identifier: Identifier for the Relying Party Trust, which is the same as the Relying Party Trust URL.

To configure AD FS

  1. Open the AD FS console.
  2. Click Trust Relationships to expand the folder.
  3. Right-click the Relying Party Trusts folder and select Add Relying Party Trust.
  4. On the Add Relying Party Trust Wizard, click Start.
  5. On the Select Data Source page, click Enter data about the relying party manually and click Next.
  6. On the Specify Display Name page, enter Display Name and Notes for the relying party trust and click Next.
  7. On the Choose Profile page, click AD FS profile and click Next.
  8. On the Configure Certificate page, do not import any certificate and click Next.
  9. On the Configure URL page, select the Enable support for the SAML 2.0 WebSSO protocol check box and enter the Relying Party Trust URL in the Relying party SAML 2.0 SSO service URL field.
  10. Click Next.
  11. On the Configure Identifiers page, enter the relying party trust identifier in the Relying party trust identifier field and click Add.
  12. Click Next.
  13. On the Configure Multi-factor Authentication Now page, select the I do not want to configure multi-factor authentication settings for the relying party trust at this time check box and click Next.
  14. On the Choose Issuance Authorization Rules page, click Permit all users to access this relying party.
  15. On the Ready To Add Trust page, click the Advanced tab.
  16. In the Secure hash algorithm box, click SHA-1 and click Next.

    Note

    If you cannot select the secure hash algorithm in this step, right-click the relying party trust that you just created in the Relying Party Trusts list and select the Properties option from the menu. Click the Advanced tab and verify that the secure hash algorithm is set to SHA-1.

  17. Select the check box for opening the Edit Claim Rules dialog box when you close the wizard and click Close. For more information about claim rules, see Configuring claim rules.
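
The wizard steps above can also be scripted with the AD FS PowerShell cmdlets, which makes the trust settings reviewable and repeatable. The following is an added example, not part of the BMC documentation; the host name, port, realm, application URL, display name, and notes are placeholder values, and the POST binding for the endpoint is an assumption.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Assumed placeholder values; replace with your own.
$rssoServer  = 'rsso.example.com'               # Remedy SSO server (placeholder)
$port        = 8443                             # Remedy SSO port (placeholder)
$realm       = ''                               # empty string = default realm only
$appUrl      = 'https://app.example.com/arsys'  # protected service (placeholder)
$displayName = 'Remedy SSO'                     # name shown to users (placeholder)
$notes       = 'Relying party trust for Remedy SSO IdP initiated login'

# Relying Party Trust URL in the format given on this page.
# With an empty realm this yields .../rsso/receiver/?RelayState=<appURL>.
$rpUrl = "https://${rssoServer}:${port}/rsso/receiver/${realm}?RelayState=${appUrl}"

# Fail early on a malformed or non-TLS URL.
$uri = [Uri]$rpUrl
if ($uri.Scheme -ne 'https') { throw "Relying Party Trust URL must use https: $rpUrl" }

# Do not silently create a second trust with the same display name.
if (Get-AdfsRelyingPartyTrust -Name $displayName) {
    throw "Relying party trust '$displayName' already exists."
}

# Step 9: SAML 2.0 WebSSO service URL (assertion consumer endpoint;
# POST binding is assumed here).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $uri

# Step 14: "Permit all users to access this relying party".
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Steps 6, 11 and 16: display name, notes, identifier and SHA-1 secure hash algorithm.
Add-AdfsRelyingPartyTrust `
    -Name $displayName `
    -Notes $notes `
    -Identifier $rpUrl `
    -SamlEndpoint $endpoint `
    -IssuanceAuthorizationRules $permitAll `
    -SignatureAlgorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

# Review what was created before moving on to the claim rules.
Get-AdfsRelyingPartyTrust -Name $displayName |
    Format-List Name, Identifier, SignatureAlgorithm, EncryptionCertificate, Enabled
```

The final `Get-AdfsRelyingPartyTrust` output covers the same check as the Note under step 16: the SignatureAlgorithm value should end in `rsa-sha1`.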

Configuring claim rules

This is the third step that you must perform to support the IdP initiated login.
