In Address Manager, there are two modes for SSO and OAuth integration: SSO Enabled and SSO Enforced.
Address Manager also has an option where only OAuth is enabled.
If the SSO Enforced mode is enabled, or if only OAuth is enabled in Address Manager, you must configure both SSO and OAuth in BlueCat Gateway.
Configuring Single Sign-On and OAuth in BlueCat Gateway

| Address Manager | What to configure in BlueCat Gateway |
|---|---|
| SSO Enforced | SSO and OAuth |
| OAuth Only | SSO and OAuth |
Before you begin
To enable SSO, you need the following:
- BlueCat Gateway v20.3.1 or greater
- Address Manager v9.2.0 or greater
- Port 443 open on BlueCat Gateway and the IdP
- BlueCat Gateway can access the IdP, whether it is on premises or in the cloud
- You have configured the OAuth settings in Address Manager

Important: Prior to configuring OAuth in BlueCat Gateway, make sure you have completed the necessary prerequisites and configuration requirements in the Authorization Server and Address Manager. For more information, refer to "Enabling OAuth in Address Manager" in the Address Manager Administration Guide.
What you need from BlueCat Gateway to set up your Single Sign-On connection
To set up the SSO connection, you need the following from BlueCat Gateway:
- BlueCat Gateway domain name
- BlueCat Gateway x509 Certificate (optional)
- BlueCat Gateway Private key (optional)

Note: The x509 certificate and private key of the HTTPS server are only required if you want to sign the certificate.
What BlueCat Gateway needs from your IdP
To set up the SSO connection, you need the following from your IdP:
- IdP Metadata URL
- IdP Signing Certificate
- IdP EntityID
- IdP singleSignOnService URL
- IdP singleSignOnService Binding
- IdP singleLogoutService URL
- IdP singleLogoutService Binding