In Address Manager, there are two modes for SSO and OAuth integration: SSO Enabled and SSO Enforced.
SSO Enabled | SSO Enforced |
---|---|
|
|
OAuth only: Address Manager can also be configured with only OAuth enabled.
If SSO Enforced mode is enabled, or if only OAuth is enabled in Address Manager, you must configure both SSO and OAuth in BlueCat Gateway.
Configuring Single Sign-On and OAuth in BlueCat Gateway
Address Manager | What to configure in BlueCat Gateway |
---|---|
SSO Enabled | None |
SSO Enforced | SSO and OAuth |
OAuth Only | SSO and OAuth |
Before you begin
BlueCat Gateway v20.3.1 or greater
Address Manager v9.2.0 or greater
Port 443 must be open on both BlueCat Gateway and the Identity Provider (IdP).
BlueCat Gateway must be able to access the IdP, whether the IdP is hosted on premises or in the cloud.
You must have configured OAuth settings in Address Manager.
Important: Before configuring OAuth in BlueCat Gateway, make sure you complete the necessary prerequisites and configuration requirements in both the Authorization Server (Identity Provider) and Address Manager. For more details, see Enabling OAuth in Address Manager in the Address Manager Administration Guide.
What you need from BlueCat Gateway to set up your Single Sign-On connection
To set up the SSO connection, you need the following from BlueCat Gateway:
BlueCat Gateway domain name
BlueCat Gateway x509 Certificate (optional)
BlueCat Gateway Private key (optional)
Note: The x509 certificate and private key of the HTTPS server are required only if you want to sign the certificate.
What BlueCat Gateway needs from your IdP
To set up the SSO connection, you need the following from your IdP:
IdP Metadata URL
OR
All of the following:
IdP Signing Certificate
IdP EntityID
IdP singleSignOnService URL
IdP singleSignOnService Binding
IdP singleLogoutService URL
IdP singleLogoutService Binding