Configuring Address Manager as a Service Provider - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


Address Manager forwards the information provided on this page to the IdP. Once you configure Address Manager as a service provider, a metadata endpoint is created that identifies Address Manager as a service provider and allows the IdP to add relying parties.

  1. Select the Settings tab in the sidebar.
  2. Under System security, select SSO settings.
  3. In the Address Manager FQDN field, enter the BAM domain name. For example, https://bam.example.com. This will auto-populate the Entity ID, Consume URL, and the Single logout URL fields.
    Note: The Single Logout (SLO) URL is the URL that the IdP will send a logout request to during IdP-initiated SLO. Address Manager does not support SP-initiated SLO.
  4. In the NameID Format drop-down menu, select the Name ID format. Name IDs are a way for IdPs to communicate with each other regarding a user. You can obtain the Name ID format from your IdP.
    Note: The default value is unspecified. You can select this option if you did not obtain the Name ID format from your IdP.
  5. Complete the following fields:
    1. Enable signing (optional) - signs requests with the certificate.
    2. Enable encryption (optional) - encrypts the assertions received by the service provider.
    3. In the PKCS #12 file checkbox, upload the PKCS archive file that contains both the private key and the public key. The PKCS certificate must be trusted by the IdP. You can upload a P12 or PFX file. Once you upload the PKCS archive file, enter the Password of the file.
  6. In the Organization field, enter the name of your company.
    Attention: A known issue exists where special characters entered in the SAML Service Provider metadata can cause the following error to appear when accessing the http://<bam_ip_or_hostname>/sso/metadata URL:
    Invalid SAML Metadata. Not match the saml-schema-metadata-2.0.xsd
    As a workaround, special characters such as ", ', <, >, or & must be escaped using the entity format of the symbol when entering metadata values. For example:
    • Use &quot; instead of ".
    • Use &apos; instead of '.
    • Use &lt; instead of <.
    • Use &gt; instead of >.
    • Use &amp; instead of &.

    For more information, refer to KI-025223 on BlueCat Customer Care.

  7. In the Organizational URL field, enter the company URL.
  8. In the Contact name field, enter the name of the contact person.
  9. In the Contact email field, enter the email address of the contact person.
  10. Enter Change control comments if required.
  11. Select Update SAML SP configuration settings.
    Address Manager is now configured as a service provider. You can validate the URL populated in the Entity ID field. When you enter this URL in your browser, an XML file should display containing the Address Manager service provider information.
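
The final validation step and the escaping workaround above can be scripted. The following is an added example, not BlueCat code: it assumes the endpoint returns standard SAML 2.0 metadata, and the sample XML and the /sso/acs and /sso/slo paths are constructed placeholders. It checks well-formedness and URL consistency only, not full validation against saml-schema-metadata-2.0.xsd.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

def escape_value(value):
    """Entity-escape the five characters named in the workaround."""
    return escape(value, {'"': "&quot;", "'": "&apos;"})

def same_origin(url, base):
    """True when url has the same scheme and host as the configured FQDN."""
    u, b = urlsplit(url), urlsplit(base)
    return bool(u.netloc) and (u.scheme, u.netloc) == (b.scheme, b.netloc)

def check_sp_metadata(xml_text, fqdn):
    """Return a list of findings; an empty list means every check passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if not same_origin(root.get("entityID", ""), fqdn):
        findings.append("entityID is not under the configured FQDN")
    sp = root.find(f"{MD}SPSSODescriptor")
    if sp is None:
        return findings + ["no SPSSODescriptor element"]
    for label, tag in (("Consume URL", "AssertionConsumerService"),
                       ("Single logout URL", "SingleLogoutService")):
        el = sp.find(f"{MD}{tag}")
        if el is None or not same_origin(el.get("Location", ""), fqdn):
            findings.append(f"{label} missing or not under the configured FQDN")
    # A KeyDescriptor with no 'use' attribute covers signing as well.
    uses = {kd.get("use", "signing") for kd in sp.findall(f"{MD}KeyDescriptor")}
    if sp.get("AuthnRequestsSigned") == "true" and "signing" not in uses:
        findings.append("requests marked signed but no signing key published")
    return findings

def sample_metadata(org, fqdn="https://bam.example.com"):
    """Constructed, trimmed sample; /sso/acs and /sso/slo are placeholder paths."""
    return (
        f'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'entityID="{fqdn}/sso/metadata"><SPSSODescriptor '
        f'AuthnRequestsSigned="false"><SingleLogoutService '
        f'Location="{fqdn}/sso/slo"/><AssertionConsumerService index="0" '
        f'Location="{fqdn}/sso/acs"/></SPSSODescriptor><Organization>'
        f'<OrganizationName xml:lang="en">{org}</OrganizationName>'
        f'</Organization></EntityDescriptor>')
```

To use it against a live system, pass the XML saved from the Entity ID URL and the value entered in the Address Manager FQDN field to `check_sp_metadata`.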