This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Creating a local SP for SAML configuration


Before the tenant administrator can start using the BMC Atrium SSO Tenant Console, you must configure the BMC Atrium Single Sign-On server to be used as a service provider (SP).

The following topics are provided:

Before you begin

  • You must install the necessary libraries before creating a local SP.
  • You must create signing and encryption certificates so that they can be used to establish a trust relationship between Active Directory Federation Services (AD FS) and the BMC Atrium Single Sign-On server. For more information, see Creating-signing-and-encryption-certificates.

    Note

    Instead of creating a new certificate and private-key pair, you can import an existing certificate and private-key pair into the cot.jks file.

To create a local SP

  1. In the BMC Atrium SSO Admin Console, click the realm for which you want to configure the SP. The Realm Editor is displayed.
  2. In the Realm Editor, add a new local SP named sp, set the following parameters, and click Save:
    • Name: sp
    • Signing certificate: test_sig sha1 (or any other signing certificate whose private key is available to the server). SHA-1 signatures are deprecated; outside a test realm, use a certificate signed with SHA-256.
    • Signing: select the Authentication Request, Logout Request, and Logout Response check boxes, so that the IdP can verify that these messages originate from this SP.
    • Select the Auto Federation check box. When selected, BMC Atrium Single Sign-On uses an attribute of the assertion from the IdP to create an identity in the BMC Atrium Single Sign-On system automatically, bypassing the initial double logon normally performed when federating a user account with SAMLv2. Because the attribute value becomes the local identity, use an attribute that the IdP guarantees to be unique and stable for each user, such as the UPN.
    • Encryption certificate: test_enc sha1 (or any other encryption certificate)
    • Encryption algorithm: AES-128
    • User Name ID as User ID: selected
    • Attribute Mapping: clear the list
    • Add the following pair: upn = uid (or User Id). The left side must match the attribute Name that AD FS issues in the assertion; if AD FS sends the UPN under its full claim type URI rather than the short name upn, enter that URI here.

For information about parameters for the local service provider, see Configuring-BMC-Atrium-Single-Sign-On-as-an-SP.
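To make the effect of these settings concrete, the following added example models what the local SP does with an incoming assertion once the attribute mapping (upn = uid), User Name ID as User ID, and Auto Federation settings above are applied. It is illustrative code written for this page, not BMC Atrium Single Sign-On code: the configuration keys, the function names, and the two sample responses are constructed here, and signature verification and assertion decryption are deliberately out of scope (a real SP rejects the response before any of this runs if either fails).

```python
"""Model of the local SP's attribute mapping and Auto Federation behaviour.

Added illustrative example, not BMC Atrium SSO code. Configuration key names,
function names, and the sample responses below are assumptions made for this
example. XML signature verification and decryption are not modelled.
"""
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# The settings chosen in the procedure on this page. The dictionary keys are
# names assumed for this example, not BMC Atrium SSO option names.
SP_CONFIG = {
    "attribute_mapping": {"upn": "uid"},  # IdP attribute Name -> local attribute
    "use_name_id_as_user_id": True,       # "User Name ID as User ID"
    "auto_federation": True,              # "Auto Federation"
}

# Constructed sample: AD FS issues the UPN under the short attribute name "upn".
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="upn">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: same user, but the UPN is issued under its full claim type
# URI, so the mapping "upn = uid" configured above does not match it.
NO_UPN_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_assertion(response_xml):
    """Return (NameID value, {attribute Name: [values]}) from a SAML Response."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion in response")
    name_id_el = assertion.find("saml:Subject/saml:NameID", NS)
    name_id = (name_id_el.text or "").strip() if name_id_el is not None else ""
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return name_id, attrs


def map_attributes(idp_attrs, mapping):
    """Apply the SP attribute mapping. Attributes absent from the mapping are
    dropped (the procedure clears the default list, leaving only upn -> uid),
    and matching is on the exact Name the IdP issues."""
    mapped = {}
    for idp_name, local_name in mapping.items():
        values = idp_attrs.get(idp_name, [])
        if values:
            mapped[local_name] = values[0]
    return mapped


def process_response(response_xml, config, existing_users):
    """Decide what the SP does with the assertion: log in a known local user,
    auto-federate an unknown one, or reject when no usable user id exists."""
    name_id, idp_attrs = parse_assertion(response_xml)
    local_attrs = map_attributes(idp_attrs, config["attribute_mapping"])
    user_id = name_id if config["use_name_id_as_user_id"] else local_attrs.get("uid")
    if not user_id:
        return {"action": "reject", "reason": "no usable user id in assertion"}
    if user_id in existing_users:
        return {"action": "login", "user_id": user_id, "attributes": local_attrs}
    if config["auto_federation"]:
        # Auto Federation: the IdP-asserted value becomes a new local identity,
        # which is why it must be unique and stable per user.
        return {"action": "auto_federate", "user_id": user_id, "attributes": local_attrs}
    return {"action": "reject", "reason": "unknown user and Auto Federation is off"}


if __name__ == "__main__":
    print(process_response(SAMPLE_RESPONSE, SP_CONFIG, existing_users={"alice"}))
    off = dict(SP_CONFIG, use_name_id_as_user_id=False)
    print(process_response(NO_UPN_RESPONSE, off, existing_users=set()))
```

Running the block shows the first response being auto-federated as jdoe@example.com, and the second being rejected once the user id has to come from the mapped uid attribute: the mapping key "upn" does not match the full claim type URI, so no uid is produced. That is the mismatch to check for first when AD FS logons fail after this step.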

Note

  • If you are using CA-signed certificates, import only the root CA certificate into the truststore.
  • If you are using self-signed certificates, import the public certificates themselves into the truststore. For more information, see Importing-a-certificate-into-the-truststore.

After you create the local service provider, the tenant administrator uses the BMC Atrium Tenant Console to configure SAMLv2 for authentication.
