5.0
Keystore
Enable SAML single sign-on by creating a keystore.
- SAML needs a keystore with a generated key-pair.
- SAML uses the key-pair to encrypt its communication with the IdP.
Create a keystore
Use the Java keytool to create one.
```bash
keytool \
  -genkeypair \
  -storetype pkcs12 \
  -keystore lenses.p12 \
  -storepass my_password \
  -alias lenses \
  -keypass my_password \
  -keyalg RSA \
  -keysize 2048 \
  -validity 10000
```
| Setting | Definition |
|---|---|
| storetype | The type of keystore (pkcs12 is industry standard, but jks is also supported) |
| keystore | The filename of the keystore |
| storepass | The password of the keystore |
| alias | The name of the key-pair |
| keypass | The password of the key-pair (must be the same as storepass for pkcs12 stores) |
Add to configuration
Set the keystore file's path and the passwords in the security.conf configuration file.
```
lenses.security.saml.keystore.location = "/path/to/lenses.p12"
lenses.security.saml.keystore.password = "my_password"
lenses.security.saml.key.password = "my_password"
```
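An added example, not part of the Lenses documentation: a pre-flight check that reads the three settings above from security.conf and reports a missing or group/other-accessible keystore, a configuration file that others can read, mismatched pkcs12 passwords, or the placeholder my_password left in place. The function names and the rule that a .p12 file name means a pkcs12 store are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the Lenses documentation: pre-flight check of the
# SAML keystore settings in security.conf.

# Print the value of a `key = "value"` line (last occurrence wins).
conf_value() {  # usage: conf_value <file> <key>
  awk -v k="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k) == 1 {
      rest = substr(line, length(k) + 1)
      if (rest ~ /^[ \t]*=/) {
        sub(/^[ \t]*=[ \t]*/, "", rest)
        sub(/^"/, "", rest); sub(/"[ \t]*$/, "", rest)
        v = rest
      }
    }
    END { print v }' "$1"
}

# Succeed only if group and others have no permission bits on the file.
is_private() {  # usage: is_private <file>
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding; succeed only when there are none.
# The body runs in a subshell so its variables and helper stay local.
check_saml_keystore() (  # usage: check_saml_keystore <security.conf>
  conf=$1
  findings=0
  note() { echo "FINDING: $*"; findings=$((findings + 1)); }
  loc=$(conf_value "$conf" lenses.security.saml.keystore.location)
  store_pw=$(conf_value "$conf" lenses.security.saml.keystore.password)
  key_pw=$(conf_value "$conf" lenses.security.saml.key.password)

  if [ ! -f "$loc" ]; then
    note "keystore file not found: '$loc'"
  elif ! is_private "$loc"; then
    note "keystore is accessible to group/others: $loc"
  fi
  is_private "$conf" || note "$conf stores passwords but is accessible to group/others"
  case $loc in  # assumption: a .p12 file name means a pkcs12 store
    *.p12) [ "$store_pw" = "$key_pw" ] ||
             note "pkcs12 store: key password must equal keystore password" ;;
  esac
  if [ "$store_pw" = "my_password" ] || [ "$key_pw" = "my_password" ]; then
    note "documentation placeholder password my_password is still in use"
  fi
  [ "$findings" -eq 0 ]
)
```

Run `check_saml_keystore /path/to/security.conf` before starting Lenses; a non-zero exit status means at least one finding was printed.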
See all SSO options.