×
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
 
 
  •  

 

This documentation supports the 19.05 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.
Remedy Single Sign-On 19.05 ... Administering Configuring Remedy SSO for authentication Configuring authentication Configuring SAML 2.0 authentication

Configuring advanced functions for SAML authentication

Depending on the configuration of your identity provider (IdP), you might need to configure advanced functions for SAML authentication on the Remedy Single Sign-On server. 

Related topics

Configuring SAML 2.0 authentication

Before you begin

Create a service provider signing certificate if you plan to use any of the additional functions for SAML authentication described in this topic. For information about how to do this, see Creating and updating the SP signing certificate for SAML authentication.

To decrypt the encrypted assertions in SAML responses 

If encryption is enabled on the identity provider side, you must configure Remedy SSO  server to decrypt the encrypted assertions in SAML responses. To encrypt SAML assertions, the identity provider uses one of the following methods: AES-128, AES-192, and AES-256. 

If the identity provider uses AES-192 or AES-256 encryption method, you must enable Java on the Remedy SSO server to decrypt the SAML assertions.

  1. Download files from  Java downloads , and follow the instructions in the JRE Readme file to update the %JRE_HOME%->lib->security folder.
  2. In Remedy SSO Admin Console, navigate to General > Advanced > SAML Service Provider
  3. Enter the Encryption Key Alias parameter. 
    For more information, see Configuring the Remedy SSO server.

To sign SAML authentication requests

To sign the SAML authentication requests between Remedy SSO and the IdP, perform the following steps: 

  1. In Remedy SSO Admin Console, navigate to General > Advanced > SAML Service Provider
  2. Complete the following fields: Keystore FileKeystore PasswordSigning Key Alias.
    For more information, see Configuring the Remedy SSO server.

To sign SAML metadata for IdP

When you import SAML metadata to the IdP, you can sign it up on the Remedy SSO server. This ensures additional security between the IdP and the service provider (SP).

  1. On the Realm > Authentication tab, ensure that the Sign Request check box is selected. 
  2. On the General > Advanced tab, specify the Signing Key Alias.

Where to go from here

Importing configuration from an identity provider and configuring the SAML authentication

Was this page helpful? Yes No Submitting... Thank you
Last modified by Olga Kutetska on Apr 24, 2020
task administering

Comments

Log in or register to comment.

Creating and updating the SP signing certificate for SAML authentication
Importing configuration from an identity provider and configuring the SAML authentication
© Copyright 1991 – 2019 BMC Software, Inc.
© Copyright 1991 – 2019 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.