Keystore

Enable SAML single-sign on by creating a keystore.

SAML needs a keystore with a generated key-pair.
SAML uses the key-pair to encrypt its communication with the IdP.

Create a keystore

Use the Java keytool to create one.

keytool \
 -genkeypair \
 -storetype pkcs12 \
 -keystore lenses.p12 \
 -storepass my_password \
 -alias lenses \
 -keypass my_password \
 -keyalg RSA \
 -keysize 2048 \
 -validity 10000

Setting	Definition
storetype	The type of keystore (pkcs12 is industry standard, but jks also supported)
keystore	The filename of the keystore
storepass	The password of the keystore
alias	The name of the key-pair
keypass	The password of the key-pair (must be same as storepass for pkcs12 stores)

Add to configuration

Reference the keystore file’s path and put the password info in the security.conf configuration file.

lenses.security.saml.keystore.location = "/path/to/lenses.p12"
lenses.security.saml.keystore.password = "my_password"
lenses.security.saml.key.password = "my_password"

See all SSO options.

Last modified: November 18, 2024