Setting SP signing certificate for SAML authentication
Starting from Remedy Single Sign-On 9.1 Service Pack 1, the cot.jks file that contains the service provider (SP) certificate is not provided out-of-the-box. You must create the cot.jks file, set the SP certificate, and configure the information through the Remedy SSO Admin Console by performing the following steps:
- Create a keystore file that contains a keypair for signing SAML SP requests. You can use the following command to create the keystore file:
    keytool -keystore <keystorefile> -genkey -alias <aliasname> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730
    #For example,
    #keytool -keystore cot.jks -genkey -alias sp-signing -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730
    #The above command creates a keystore file named cot.jks that contains a keypair with the alias sp-signing.
- Place the keystore file on each Remedy SSO server node in the cluster with the same file path.
- Log in to the Remedy SSO Admin Console.
- Click General.
- On the left navigation panel, click the Advanced tab and enter the advanced details. For more information about the advanced details, see.
- Click Save.
Advanced server parameters
The keystore file name along with the path.
If you are using a PKCS12 keystore file, the file extension must be .p12.
If the keystore file is located in the <TOMCAT>/rsso/webapp/WEB-INF/classes directory, the value of this field can be the name of the keystore file. Otherwise, use the absolute file path.
| Keystore Password | The keystore file password. The keypair and keystore passwords must be the same. |
| Signing Key Alias | The identifying name for the signing key. For example, MySigningKeyAlias. |
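
The keystore step and the parameter rules above, scripted non-interactively (an added example, not part of the original documentation): it creates the keystore with identical keystore and keypair passwords, then verifies that the alias is a usable private-key entry before the file is copied to the nodes. The variable name RSSO_KS_PASS, the certificate DN, and the mapping of every non-.p12 extension to JKS are assumptions of this example.

```shell
#!/bin/sh
# Added example (not BMC code). Constructed names: RSSO_KS_PASS, the DN, file paths.

# Pick the keystore type from the extension. The page requires .p12 for PKCS12;
# treating every other extension as JKS is an assumption of this example.
storetype_for() {
  case "$1" in
    *.p12) echo PKCS12 ;;
    *)     echo JKS ;;
  esac
}

# make_sp_keystore <file> <alias>
# Reads the password from $RSSO_KS_PASS so it never appears in the process list.
make_sp_keystore() {
  ks=$1; key_alias=$2
  [ -n "${RSSO_KS_PASS:-}" ] || { echo "RSSO_KS_PASS is not set" >&2; return 2; }
  [ ! -e "$ks" ] || { echo "$ks already exists, not overwriting" >&2; return 3; }
  (
    umask 077  # the file holds a private key: owner-only permissions
    # One variable feeds both options, so keystore and keypair passwords match.
    keytool -genkeypair -keystore "$ks" -storetype "$(storetype_for "$ks")" \
      -alias "$key_alias" -keyalg RSA -sigalg SHA256withRSA -keysize 2048 \
      -validity 730 -dname "CN=rsso-sp-signing" \
      -storepass:env RSSO_KS_PASS -keypass:env RSSO_KS_PASS
  )
}

# check_sp_keystore <file> <alias>
# Succeeds only if the alias is a private-key entry AND the key can be
# recovered with the keystore password alone.
check_sp_keystore() {
  st=$(storetype_for "$1")
  keytool -list -keystore "$1" -storetype "$st" -alias "$2" \
    -storepass:env RSSO_KS_PASS 2>/dev/null | grep -q PrivateKeyEntry || return 1
  # -certreq has to load the private key; with no -keypass given, keytool
  # tries the keystore password, and stdin is closed so it cannot prompt.
  keytool -certreq -keystore "$1" -storetype "$st" -alias "$2" \
    -storepass:env RSSO_KS_PASS </dev/null >/dev/null 2>&1
}

# Usage: export RSSO_KS_PASS, then
#   make_sp_keystore cot.jks sp-signing && check_sp_keystore cot.jks sp-signing
```

Run `check_sp_keystore` again on every node after copying the file; comparing `sha256sum` output across nodes confirms each one holds the same keystore.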