Phased rollout: This version of the software is currently available only to early adopter SaaS customers as the first step in our phased rollout.

Configuring the BMC Helix SSO server as a SAML service provider


If you plan to use SAML authentication for configuring your realms, you need to configure BMC Helix SSO as a SAML service provider. 

To configure the BMC Helix SSO server as a SAML service provider

  1. In the BMC Helix SSO Admin Console, click General > Advanced.
  2. In the SAML Service Provider section, complete the following fields:

    Field

    Description

    SP Entity ID

    The entity ID of the service provider (SP). You can specify any value for SP Entity ID, for example rsso_sp_hostname. The BMC Helix SSO server name is used as the SP identifier in the Relying Party Trust configured on the Identity Provider (IdP) side.

    External URL

    The external URL of the service provider. It is the URL of the BMC Helix SSO server.

    Note: The URL must be HTTPS only.

    Keystore File

    The keystore file path on the BMC Helix SSO server file system that includes the keystore file name.

    The keystore file contains all the required certificates. If you are using a PKCS12 keystore file, the file extension must be .p12.

    If the keystore file is available in the tomcat/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file, where tomcat is the Tomcat path. Otherwise, use the absolute file path.

    Keystore Password

    The keystore file password. The key pair password and the keystore password must be the same.

    Signing Key Alias

    The alias name of the signing key in the keystore file.

    Encryption Key Alias

    The alias name of the encryption key used to encrypt the SAML assertions from the IdP. The metadata of this encryption key is imported into the IdP.

    For information about how to decrypt SAML assertions, see Configuring advanced functions for SAML authentication.

  3. Click Save.
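
A pre-flight check of the values entered in step 2, run on the BMC Helix SSO host before you click Save. This is an added example, not BMC code: the function names, the cfg dictionary keys, and the KS_PASS environment variable are assumptions made for the example, and alias listing relies on the JDK keytool being installed.

```python
import os
import shutil
import subprocess
from urllib.parse import urlparse

# Folder the page names for keystores referenced by bare file name.
CLASSES_SUBDIR = os.path.join("rsso", "webapp", "WEB-INF", "classes")
JAVA_MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}


def keystore_type(path):
    """Classify a keystore by its leading bytes (PKCS12 is a DER SEQUENCE, 0x30)."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head in JAVA_MAGIC:
        return JAVA_MAGIC[head]
    return "PKCS12" if head[:1] == b"\x30" else "unknown"


def keystore_aliases(path, password):
    """List aliases with the JDK keytool; None when keytool is not installed."""
    if shutil.which("keytool") is None:
        return None
    # Pass the password through the environment, not argv, so it stays out of `ps`.
    env = dict(os.environ, KS_PASS=password)  # KS_PASS: name chosen for this example
    out = subprocess.run(
        ["keytool", "-list", "-keystore", path, "-storepass:env", "KS_PASS"],
        capture_output=True, text=True, env=env).stdout
    # keytool prints one line per entry: "<alias>, <date>, <entry type>, ..."
    return {ln.split(",")[0].strip().lower() for ln in out.splitlines() if "Entry" in ln}


def preflight(cfg, tomcat_home, aliases=None):
    """Return findings for the SAML Service Provider fields; an empty list means OK."""
    findings = []
    if urlparse(cfg["external_url"]).scheme.lower() != "https":
        findings.append("External URL must be HTTPS")
    path = cfg["keystore_file"]
    if not os.path.isabs(path):  # assumption: non-absolute values resolve here
        path = os.path.join(tomcat_home, CLASSES_SUBDIR, path)
    if not os.path.isfile(path):
        findings.append("Keystore File not found: " + path)
    elif keystore_type(path) == "PKCS12" and not path.endswith(".p12"):
        findings.append("PKCS12 keystore must use the .p12 extension")
    for field in ("signing_key_alias", "encryption_key_alias"):
        if aliases is not None and cfg[field].lower() not in aliases:
            findings.append(cfg[field] + " is not an alias in the keystore")
    return findings
```

Pass the result of keystore_aliases() as the aliases argument to include the Signing Key Alias and Encryption Key Alias checks; when it is None those checks are skipped.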

 
