This documentation supports the 18.08 version of Remedy Single Sign-On.


Setting SP signing certificate for SAML authentication

The cot.jks file that contains the service provider (SP) certificate is not provided out of the box. You must create the cot.jks file, set the SP certificate, and configure the information through the Remedy Single Sign-On Admin Console by performing the following steps:

  1. Create a keystore file containing a keypair for signing SAML SP requests. You can use the following command to create a keystore file:

    keytool -keystore <keystorefile> -genkey -alias <aliasname> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730
    # For example:
    # keytool -keystore cot.jks -genkey -alias sp-signing -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730
    # The above command creates a keystore file named cot.jks that contains a keypair with the alias sp-signing.
  2. Place the keystore file on each Remedy SSO server node in the cluster with the same file path.
  3. Log in to the Remedy SSO Admin Console.
  4. Click General.
  5. On the left navigation panel, click the Advanced tab and enter the following advanced details.

    Keystore File

    The keystore file name along with the path.

    If you are using a PKCS12 keystore file, the file extension must be .p12.

    If the keystore file is located in the <TOMCAT>/rsso/webapp/WEB-INF/classes directory, the value of this field can be the name of the keystore file. Otherwise, use the absolute file path.

    Keystore Password

    The keystore file password. The keypair and keystore passwords must be the same.

    Signing Key Alias

    The identifying name for the signing key. For example, MySigningKeyAlias.
  6. Click Save.
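
The following pre-flight script is an added example, not part of the BMC documentation or product. It checks a keystore against the rules in the steps above before you enter the values in the Admin Console. It also detects the file's real format, because keytool on JDK 9 and later creates PKCS12 by default even when the file is named cot.jks. The function names and the KS_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the SP signing keystore.
# Function names are constructed here; they are not part of Remedy SSO.

# Report the real on-disk format from the first bytes: JKS starts with
# the magic 0xFEEDFEED, PKCS12 is a DER SEQUENCE and starts with 0x30.
keystore_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;
        30*)      echo PKCS12 ;;
        *)        echo unknown ;;
    esac
}

# Page rule: a PKCS12 keystore must be named *.p12. Assumption made
# here: a JKS file should not carry the .p12 extension either.
extension_ok() {
    case "$(keystore_format "$1"):$1" in
        PKCS12:*.p12) return 0 ;;
        JKS:*.p12)    return 1 ;;
        JKS:*)        return 0 ;;
        *)            return 1 ;;
    esac
}

# Value for the "Keystore File" field. $1 = absolute keystore path,
# $2 = the <TOMCAT> directory.
keystore_field_value() {
    if [ "$(dirname "$1")" = "$2/rsso/webapp/WEB-INF/classes" ]; then
        basename "$1"
    else
        case "$1" in /*) echo "$1" ;; *) return 1 ;; esac
    fi
}

# True if the alias exists and holds a private key. The password is read
# from the KS_PASS environment variable, not passed on the command line.
alias_is_keypair() {
    keytool -list -keystore "$1" -alias "$2" -storepass:env KS_PASS \
        2>/dev/null | grep -q PrivateKeyEntry
}

# Usage: KS_PASS=... sh check.sh <keystore> <alias> <tomcat-dir>
if [ "$#" -eq 3 ]; then
    extension_ok "$1" || echo "extension does not match $(keystore_format "$1")"
    alias_is_keypair "$1" "$2" || echo "alias $2 is not a key pair entry"
    echo "Keystore File: $(keystore_field_value "$1" "$3")"
    sha256sum "$1"   # compare this digest across all cluster nodes
fi
```

Run it on every Remedy SSO node; the printed SHA-256 digest and file path should be identical on each one.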

Related topics

Configuring Remedy SSO to authenticate users with SAMLv2

Updating the SP signing certificate
