4.3
Keystore
Enable SAML single sign-on by creating a keystore.
- SAML needs a keystore with a generated key-pair.
- SAML uses the key-pair to encrypt its communication with the IdP.
Create a keystore
Use the Java keytool to create one.
```bash
keytool \
  -genkeypair \
  -storetype pkcs12 \
  -keystore lenses.p12 \
  -storepass my_password \
  -alias lenses \
  -keypass my_password \
  -keyalg RSA \
  -keysize 2048 \
  -validity 10000
```
| Setting | Definition |
|---|---|
| storetype | The type of keystore (pkcs12 is the industry standard, but jks is also supported) |
| keystore | The filename of the keystore |
| storepass | The password of the keystore |
| alias | The name of the key-pair |
| keypass | The password of the key-pair (must be the same as storepass for pkcs12 stores) |
To ensure the keystore created is compatible with Lenses, please use the keytool utility of the exact Java version Lenses uses. To find the Java version used by Lenses:
```bash
docker run --rm \
  --entrypoint "java" \
  lensesio/lenses:${YOUR_LENSES_VERSION} \
  --version
```
You could also opt to use the keytool bundled in the Docker image of your Lenses version:
```bash
# Create a host directory and mount it at the same path inside the container,
# so the keystore written by the bundled keytool lands on the host.
mkdir -p lenses_keystores
docker run --rm \
  -it \
  --user "$(id -u):$(id -g)" \
  -v "${PWD}/lenses_keystores:${PWD}/lenses_keystores" \
  --entrypoint '/opt/lenses/jre/bin/keytool' \
  "lensesio/lenses:${YOUR_LENSES_VERSION}" \
  -genkeypair \
  -storetype pkcs12 \
  -keystore "${PWD}/lenses_keystores/lenses.p12" \
  -storepass my_password \
  -alias lenses \
  -keypass my_password \
  -keyalg RSA \
  -keysize 2048 \
  -validity 10000
```
Add to configuration
Reference the keystore file’s path and put the password info in the security.conf configuration file.
```
lenses.security.saml.keystore.location = "/path/to/lenses.p12"
lenses.security.saml.keystore.password = "my_password"
lenses.security.saml.key.password = "my_password"
```
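A pre-start check for the three settings above, as an added example that is not part of the Lenses documentation or product: it reports a missing keystore file, group or other access to the keystore or to security.conf, the documentation placeholder password, and store and key passwords that differ. It assumes one-line `key = "value"` settings and owner-only file modes as the target; the function names `conf_get`, `owner_only` and `audit_saml_keystore` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the SAML keystore settings in a Lenses security.conf.
# Assumption: each setting is a one-line key = "value" pair as shown on this page.

conf_get() {  # conf_get FILE KEY: print the last value assigned to KEY
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

owner_only() {  # succeed when group and others have no permission bits on FILE
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

audit_saml_keystore() {  # print one line per finding; fail if there is any
  local conf="$1" p=lenses.security.saml n=0 loc store_pw key_pw
  loc=$(conf_get "$conf" "$p.keystore.location")
  store_pw=$(conf_get "$conf" "$p.keystore.password")
  key_pw=$(conf_get "$conf" "$p.key.password")

  if [ -z "$loc" ] || [ -z "$store_pw" ] || [ -z "$key_pw" ]; then
    echo "MISSING: one of the three $p.* keystore settings"; n=$((n + 1))
  fi
  if [ -n "$loc" ] && [ ! -f "$loc" ]; then
    echo "NOFILE: keystore $loc does not exist"; n=$((n + 1))
  elif [ -n "$loc" ] && ! owner_only "$loc"; then
    echo "PERMS: keystore $loc is accessible to group or others"; n=$((n + 1))
  fi
  if ! owner_only "$conf"; then
    echo "PERMS: $conf holds the passwords and is accessible to group or others"; n=$((n + 1))
  fi
  if [ "$store_pw" = "my_password" ] || [ "$key_pw" = "my_password" ]; then
    echo "PLACEHOLDER: password is still the documentation value my_password"; n=$((n + 1))
  fi
  if [ "$store_pw" != "$key_pw" ]; then
    echo "MISMATCH: key password differs from store password (pkcs12 needs them equal)"; n=$((n + 1))
  fi
  [ "$n" -eq 0 ]
}

# Constructed demo input: placeholder password and a world-readable keystore.
demo=$(mktemp -d)
: > "$demo/lenses.p12"; chmod 644 "$demo/lenses.p12"
printf '%s\n' "lenses.security.saml.keystore.location = \"$demo/lenses.p12\"" \
  'lenses.security.saml.keystore.password = "my_password"' \
  'lenses.security.saml.key.password = "my_password"' > "$demo/security.conf"
chmod 600 "$demo/security.conf"
audit_saml_keystore "$demo/security.conf" || echo "security.conf needs attention"
rm -rf "$demo"
```

Run it as the account that owns the Lenses configuration, passing the path to security.conf; a non-zero exit status means at least one finding was printed.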
See all SSO options.
