Configuring Address Manager as a Service Provider - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Locale: English
Product name: BlueCat Integrity
Version: 9.5.0

The information entered on this page describes Address Manager to the IdP. Once you configure Address Manager as a service provider, Address Manager publishes a SAML metadata endpoint that identifies it as a service provider (entity ID, endpoints, and certificate). The IdP administrator imports that metadata to register Address Manager as a relying party.

  1. In Address Manager, select the Administration tab.
  2. Under User Management, select Identity and Access Management.
  3. Select the SAML SP Configuration tab.
  4. In the BAM FQDN field, enter the BAM domain name. For example, https://bam.example.com. This auto-populates the Entity ID, the Consume URL (the Assertion Consumer Service URL that the IdP posts assertions to), and the Single Logout URL.
    Note: The Single Logout (SLO) URL is the URL that the IdP sends a logout request to during IdP-initiated SLO. Address Manager does not support SP-initiated SLO, so logging out of Address Manager does not send a logout request to the IdP.
  5. In the Nameid Format drop-down, select the Name ID format. The Name ID is the subject identifier the IdP places in each assertion to tell Address Manager which user authenticated; the format determines how that identifier is expressed (for example, an email address, or a persistent or transient opaque identifier). Use the Name ID format that your IdP is configured to issue.
    Note: The default value is unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Keep this option if you did not obtain the Name ID format from your IdP.
  6. In the Security section, select the following:
    1. Toggle Signing (Optional) - Address Manager signs the authentication requests it sends to the IdP with the private key from the uploaded archive, so the IdP can verify that requests originate from this service provider.
    2. Toggle Encryption (Optional) - the IdP encrypts the assertions it sends to Address Manager to the uploaded certificate; Address Manager decrypts them with the matching private key.
    3. Click Choose File to upload the PKCS#12 archive (a P12 or PFX file) that contains both the certificate and its private key. The IdP must trust this certificate; in SAML the service provider metadata normally carries the certificate (public part only) so that the IdP can verify signatures and encrypt assertions to it. After you upload the archive, enter its password. The private key and the password stay on Address Manager and are not part of the published metadata.
      Note: You cannot select Current Certificate on your first attempt to configure Address Manager as a service provider. You must upload the PKCS#12 archive file.
  7. In the Organization field, enter the name of your company.
    Attention: A known issue exists where special characters entered in the SAML Service Provider fields (such as Organization) are written into the metadata unescaped, which makes the document invalid XML and causes the following error when accessing the http://<bam_ip_or_hostname>/sso/metadata URL:
    Invalid SAML Metadata. Not match the saml-schema-metadata-2.0.xsd
    As a workaround, escape the special characters ", ', <, >, and & with the XML entity for the symbol when entering metadata values. For example:
    • Use &quot; instead of ".
    • Use &apos; instead of '.
    • Use &lt; instead of <.
    • Use &gt; instead of >.
    • Use &amp; instead of &.

    For more information, refer to KI-025223 on BlueCat Customer Care.

  8. In the Contact person field, enter the name of the contact person.
  9. In the Contact email field, enter the email address of the contact person.
  10. In the Organizational URL field, enter the company URL.
  11. Click Update.
    Address Manager is now configured as a service provider. To validate the configuration, open the URL shown in the Entity ID field in a browser: an XML document containing the Address Manager service provider metadata should display. This is the document to import into the IdP. If the browser shows the Invalid SAML Metadata error instead, check the Organization, Contact, and URL fields for unescaped special characters as described in the Attention note above.
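The checks a practitioner would run on the published metadata before handing it to the IdP team, as an added example that is not BlueCat code. It parses a service provider metadata document, confirms that the entity ID, Consume (Assertion Consumer Service) URL and Single Logout URL all sit on the BAM FQDN over HTTPS, confirms that a signing and an encryption certificate are advertised when those toggles are on, checks the advertised Name ID format, and reports unescaped special characters as the parse failure they cause. The sample metadata is constructed here so that the script runs offline; the /sso/acs and /sso/slo paths and the certificate placeholders in it are assumptions, since the guide only documents the /sso/metadata URL. The escaping helper applies the five-entity workaround from the Attention note.

```python
"""Sanity-check SAML SP metadata such as Address Manager publishes at /sso/metadata.

Added example, not BlueCat code. Uses only the standard library. To check a live
system, replace SAMPLE_METADATA with the body fetched from
http://<bam_ip_or_hostname>/sso/metadata.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import escape

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample for a BAM FQDN of bam.example.com. The endpoint paths
# (/sso/acs, /sso/slo) and the certificate contents are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://bam.example.com/sso/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBplaceholderSigningCert</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBplaceholderEncryptionCert</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://bam.example.com/sso/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://bam.example.com/sso/acs" index="0"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example &amp; Co</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Example &amp; Co</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.example.com</md:OrganizationURL>
  </md:Organization>
</md:EntityDescriptor>
"""

# The same document with the Organization value entered unescaped, which is
# exactly the mistake the known issue describes.
BROKEN_METADATA = SAMPLE_METADATA.replace("Example &amp; Co", "Example & Co")


def xml_escape_field(value: str) -> str:
    """Escape ", ', <, > and & the way the workaround requires before typing a value."""
    return escape(value, entities={'"': "&quot;", "'": "&apos;"})


def _same_host(url: str, host: str) -> bool:
    p = urlparse(url)
    return p.scheme == "https" and (p.hostname or "").lower() == host


def check_sp_metadata(xml_text: str, bam_fqdn: str, expect_signing: bool = True,
                      expect_encryption: bool = True,
                      nameid_format: str = NAMEID_UNSPECIFIED) -> list:
    """Return a list of findings; an empty list means the metadata looks consistent."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Unescaped special characters in a field surface here, not as a schema error.
        return [f"metadata is not well-formed XML (unescaped special character in a field?): {exc}"]
    # Accept the FQDN with or without the scheme, as the guide's example shows it.
    host = (urlparse(bam_fqdn).hostname if "://" in bam_fqdn else bam_fqdn).lower()
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"root element is {root.tag}, expected md:EntityDescriptor"]
    entity_id = root.get("entityID", "")
    if not _same_host(entity_id, host):
        findings.append(f"entityID {entity_id!r} is not on https://{host}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no md:SPSSODescriptor: this is not service provider metadata"]
    acs = [e.get("Location", "") for e in sp.findall("md:AssertionConsumerService", NS)]
    slo = [e.get("Location", "") for e in sp.findall("md:SingleLogoutService", NS)]
    if not acs:
        findings.append("no AssertionConsumerService (Consume URL) published")
    for loc in acs + slo:
        if not _same_host(loc, host):
            findings.append(f"endpoint {loc!r} is not on https://{host}")
    uses = {k.get("use") for k in sp.findall("md:KeyDescriptor", NS)}
    if None in uses:  # a KeyDescriptor without 'use' covers both purposes
        uses |= {"signing", "encryption"}
    if expect_signing and "signing" not in uses:
        findings.append("Signing is on but no signing certificate is advertised")
    if expect_signing and sp.get("AuthnRequestsSigned") != "true":
        findings.append("Signing is on but AuthnRequestsSigned is not true")
    if expect_encryption and "encryption" not in uses:
        findings.append("Encryption is on but no encryption certificate is advertised")
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    if nameid_format not in formats:
        findings.append(f"Name ID format {nameid_format} not advertised (found {formats})")
    return findings


if __name__ == "__main__":
    for label, doc in (("good", SAMPLE_METADATA), ("broken", BROKEN_METADATA)):
        print(label, check_sp_metadata(doc, "https://bam.example.com") or "OK")
    print(xml_escape_field('Example & Co <"R&D">'))
```

Run it against a live Address Manager by fetching the metadata URL and passing the body as `xml_text`; a host mismatch finding usually means the BAM FQDN field was filled with an IP address or a short hostname rather than the name users and the IdP will actually use.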