This documentation supports the 9.1 version of Remedy Single Sign-On.

Setting SP signing certificate for SAML authentication

Starting from Remedy Single Sign-On (Remedy SSO) 9.1 Service Pack 1, the cot.jks file that contains the service provider (SP) certificate is not provided out-of-the-box. You must create the cot.jks file, set the SP certificate, and configure the information through the Admin console by performing the following steps:

  1. Create a keystore file containing a key pair for signing SAML SP requests. You can use the following command to create a keystore file:

         keytool -keystore <keystorefile> -genkey -alias <aliasname> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730

     For example:

         keytool -keystore cot.jks -genkey -alias sp-signing -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730

     The above command creates a keystore file named cot.jks that contains a key pair with the alias sp-signing.
  2. Place the keystore file on each Remedy SSO server node in the cluster with the same file path.
  3. Log in to the Remedy SSO administrator console.
  4. Click General.
  5. On the left navigation panel, click the Advanced tab and enter the advanced details. For more information about the advanced details, see Advanced server parameters.
  6. Click Save.

Advanced server parameters

Keystore File

The keystore file path, including the file name. If you are using a PKCS12 keystore file, the file extension must be .p12.

If the keystore file is placed at <TOMCAT>/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file. Otherwise, use the absolute file path.

Keystore Password

The keystore file password. The key pair and keystore passwords must be the same.

Signing Key Alias

The alias name of the signing key in the keystore file.
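
Before entering these values in the Admin console, the keystore on each node can be checked against the requirements above. The following script is an added example, not part of the product documentation; the function names and the KS_PASS environment variable are assumptions of the example, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the SP signing keystore.

# check_listing ALIAS: reads `keytool -list -v` output on stdin, prints each
# problem found, and returns non-zero if the entry is unsuitable for signing.
check_listing() {
    listing=$(cat); rc=0
    printf '%s\n' "$listing" | grep -qxF "Alias name: $1" ||
        { echo "alias '$1' not found"; rc=1; }
    printf '%s\n' "$listing" | grep -qxF 'Entry type: PrivateKeyEntry' ||
        { echo "entry is not a key pair (PrivateKeyEntry)"; rc=1; }
    printf '%s\n' "$listing" |
        grep -Eq '^Signature algorithm name: SHA(256|384|512)withRSA' ||
        { echo "certificate signature is not SHA-2 with RSA"; rc=1; }
    bits=$(printf '%s\n' "$listing" |
        sed -n 's/^Subject Public Key Algorithm: \([0-9][0-9]*\)-bit RSA key.*/\1/p' |
        head -n 1)
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "RSA key is shorter than 2048 bits or not RSA"; rc=1; }
    return $rc
}

# check_keystore FILE ALIAS: run on each node. Expects the keystore password in
# the environment variable KS_PASS (an assumption of this example), so that it
# does not appear in the process list.
check_keystore() {
    # -certreq must read the private key, so it fails when the key password
    # differs from the keystore password.
    keytool -certreq -keystore "$1" -alias "$2" \
        -storepass:env KS_PASS -keypass:env KS_PASS </dev/null >/dev/null 2>&1 ||
        { echo "cannot read key '$2' with the keystore password"; return 1; }
    keytool -list -v -keystore "$1" -alias "$2" -storepass:env KS_PASS |
        check_listing "$2"
}

# Constructed, abridged sample of `keytool -list -v` output for offline testing.
sample_listing() {
    cat <<'EOF'
Alias name: sp-signing
Entry type: PrivateKeyEntry
Certificate chain length: 1
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Wed Dec 31 00:00:00 UTC 2025
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}
```

For example, after exporting KS_PASS, run check_keystore cot.jks sp-signing on every Remedy SSO node; no output and a zero exit status mean the keystore matches the values to enter for Keystore File, Keystore Password, and Signing Key Alias.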
