Configuring the server for single sign-on during installation

During the installation of the BigFix® Remote Control server, you can configure support for SAML V2.0 authentication.

Before you begin

Download the server installation file by running a Fixlet®. For more information, see Download the BigFix Remote Control server component.

Procedure

  1. Follow the installation steps in Installing by using the server installer
  2. During the installation, select your configuration options on the SSO configuration window.
    Enable SSO
    Select this option to enable Single-Sign-On (SSO). To continue with the configuration, you must get the SAML metadata XML file from the Identity Provider (IdP) and which hash algorithm they are using: SHA-1 or SHA-256.
    Metadata XML file
    Click Choose and select the SAML metadata XML file that you obtained from the IdP.
    Algorithm used to sign SAML messages
    Select the signature algorithm (SHA-1 or SHA-256) to use to sign messages in communications between the Identity Provider (IdP) and this Service Provider (SP) which is the BigFix® Remote Control Server.
    Advanced parameters (optional)
    Type in further configuration options, by adding attribute names in a space-separated list, in the following format: [keyword]="[keyword-value]". Where [keyword] is the attribute name and [keyword-value] is the attribute value. For more information about further configuration parameters, see SAML Web SSO 2.0 Authentication (samlWebSso20)
    Force regeneration of SAML data. (you must re-register with the IdP)
    The first time that you enable SSO, a new default SAML certificate keystore is created. For future upgrades, you can select the regeneration option to create a new default certificate keystore. The current keystore is deleted and the new one is saved. When you select this option, you must reestablish the connection between the SP and the IdP after the server restarts.
  3. Complete the installation. After you click Install on the Summary window in the installation program, the Important window is displayed. Take note of the URL and information on the Important window. After the server starts, type the URL in your browser to download the SP metadata. You must provide the metadata to the IdP to establish federation between them.