Setting SP signing certificate for SAML authentication
Starting from Remedy Single Sign-On (Remedy SSO) 9.1 Service Pack 1, the cot.jks file that contains the service provider (SP) certificate is not provided out-of-the-box. You must create the cot.jsk file, set the SP certificate, and configure the information through the Admin console by performing the following steps:
Create a keystore file containing a keypair for SAML SP signing request. You can use the following command to create a keystore file.
keytool -keystore <keystorefile> -genkey -alias <aliasname> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730 For example, keytool -keystore cot.jks -genkey -alias sp-signing -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730 The above command creates a keystore file named cot.jks that contains a keypair with the alias as sp-signing.- Place the keystore file on each Remedy SSO server node in the cluster with the same file path.
- Log in to the Remedy SSO administrator console.
- Click General.
- On the left navigation panel, click the Advanced tab and enter the advanced details. For more information about the advanced details, see Advanced server parameters .
- Click Save.
Advanced server parameters
| Field | Description |
|---|---|
| Keystore File | The keystore file path along with the file name. If you are using PKCS12 keystores file, the file extension must be .p12. If the keystore file is placed at <TOMCAT>/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file. Otherwise, use the absolute file path. |
| Keystore Password | The keystore file password. The keypair and keystore passwords must be the same. |
| Signing Key Alias | The alias name of the signing key in the keystore file. |
Comments