Unsupported content: This version of the product is in limited support. However, the documentation is available for your convenience.

Configuring advanced functions for SAML authentication


Depending on the configuration of your identity provider (IdP), you might need to configure advanced functions for SAML authentication on the Remedy Single Sign-On server. 

Before you begin

Create a service provider signing certificate if you plan to use any of the additional functions for SAML authentication described in this topic. For information about how to do this, see Creating and updating the SP signing certificate for SAML authentication.

To decrypt the encrypted assertions in SAML responses 

If encryption is enabled on the identity provider side, you must configure the Remedy SSO server to decrypt the encrypted assertions in SAML responses. To encrypt SAML assertions, the identity provider uses one of the following methods: AES-128, AES-192, or AES-256.

If the identity provider uses the AES-192 or AES-256 encryption method, you must enable Java on the Remedy SSO server to decrypt the SAML assertions.

  1. Download files from Java downloads, and follow the instructions in the JRE Readme file to update the %JRE_HOME%\lib\security folder.

  2. In Remedy SSO Admin Console, navigate to General > Advanced > SAML Service Provider.
  3. Enter the Encryption Key Alias parameter.
    For more information, see Configuring the Remedy SSO server.

To sign SAML authentication requests

To sign the SAML authentication requests between Remedy SSO and the IdP, perform the following steps: 

  1. In Remedy SSO Admin Console, navigate to General > Advanced > SAML Service Provider.
  2. Complete the following fields: Keystore File, Keystore Password, Signing Key Alias.
    For more information, see Configuring the Remedy SSO server.

To sign SAML metadata for IdP

When you import SAML metadata to the IdP, you can sign it on the Remedy SSO server. This provides additional security between the IdP and the service provider (SP).

  1. On the Realm > Authentication tab, ensure that the Sign Request check box is selected. 
  2. On the General > Advanced tab, specify the Signing Key Alias.
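
A pre-flight check for the decryption and signing settings above, as an added example that is not BMC's code: it reports whether the JRE policy permits AES-192 and AES-256 keys, and whether each alias you plan to enter as Encryption Key Alias or Signing Key Alias resolves to a private key with a currently valid certificate. The class name SamlKeyPreflight is hypothetical; the example assumes the aliases live in the Keystore File, that the key password equals the Keystore Password, and that the keystore is in the JRE's default format.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;

// Added example (hypothetical class name), not part of Remedy SSO.
public class SamlKeyPreflight {

    // True when the JRE's installed policy permits AES keys of this size.
    static boolean aesAllowed(int bits) throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= bits;
    }

    // Returns "OK" when the alias is usable, otherwise a description of the problem.
    static String checkAlias(KeyStore ks, String alias, char[] password) throws Exception {
        if (!ks.containsAlias(alias)) return "alias not found";
        if (!ks.isKeyEntry(alias)) return "certificate-only entry, no private key";
        try {
            // Assumption: the key password is the same as the keystore password.
            if (!(ks.getKey(alias, password) instanceof PrivateKey)) return "not a private key";
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) ((X509Certificate) cert).checkValidity();
        } catch (UnrecoverableKeyException e) {
            return "key password differs from keystore password";
        } catch (CertificateException e) {
            return "certificate expired or not yet valid";
        }
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {128, 192, 256})
            System.out.printf("AES-%d permitted by JRE policy: %b%n", bits, aesAllowed(bits));
        if (args.length < 2 || System.console() == null) {
            System.out.println("usage (interactive): java SamlKeyPreflight <keystore> <alias>...");
            return;
        }
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, password); }
        for (int i = 1; i < args.length; i++)
            System.out.println(args[i] + ": " + checkAlias(ks, args[i], password));
    }
}
```

Run it with the same JRE that the Remedy SSO server uses, because the AES result depends on that JRE's lib\security policy files.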

Where to go from here

Importing configuration from an identity provider and configuring the SAML authentication

 
