Setting SP signing certificate for SAML authentication
Starting with Remedy Single Sign-On 9.1 Service Pack 1, the cot.jks file that holds the service provider (SP) signing certificate is no longer shipped out of the box. You must create the cot.jks keystore yourself, generate the SP signing keypair in it, and then point Remedy SSO at it through the Remedy SSO Admin Console, as follows:
- Create a keystore file containing a keypair that Remedy SSO uses to sign SAML requests it sends as the SP. You can use the following command to create the keystore file:

  ```
  keytool -keystore <keystorefile> -genkey -alias <aliasname> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730
  ```

  For example, the following command creates a keystore file named cot.jks that contains a keypair with the alias sp-signing:

  ```
  keytool -keystore cot.jks -genkey -alias sp-signing -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730
  ```
- Copy the keystore file to every Remedy SSO server node in the cluster, using the same file path on each node.
- Log in to the Remedy SSO Admin Console.
- Click General.
- On the left navigation panel, click the Advanced tab and enter the advanced details. For more information about the advanced details, see Advanced server parameters.
- Click Save.
Advanced server parameters
Field | Description |
---|---|
Keystore File | The keystore file name along with the path. If you are using PKCS12 keystore file, the file extension must be .p12. If the keystore file is located in the <TOMCAT>/rsso/webapp/WEB-INF/classes directory, the value of this field can be the name of the keystore file. Otherwise, use the absolute file path. |
Keystore Password | The keystore file password. The keypair (private key) password must be the same as the keystore password, because Remedy SSO uses this single value to open both. |
Signing Key Alias | The identifying name for the signing key. For example, MySigningKeyAlias. |
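The following script is an added example (it is not a BMC script and not part of the product) that carries out the keystore step of the procedure above non-interactively and verifies, before you type the values into the Admin Console, the two things the table requires: that the alias holds a private key and that the keystore password also unlocks that key. It assumes a JDK keytool on PATH; the keystore path, alias, password and certificate subject (-dname) are placeholders. The store type is chosen from the file extension so that a PKCS12 store always ends in .p12, as the Keystore File field requires.

```shell
#!/bin/sh
# Added example, not BMC's own script: generate, verify and export the
# Remedy SSO SP signing keystore. Assumes a JDK keytool on PATH; the path,
# alias, password and -dname values below are placeholders.
set -eu

KEYSTORE="${KEYSTORE:-cot.jks}"       # use a .p12 name to get a PKCS12 store
ALIAS="${ALIAS:-sp-signing}"
STOREPASS="${STOREPASS:-changeit}"    # placeholder only; see usage note below

# Remedy SSO requires a .p12 extension for PKCS12 keystores, so derive the
# store type from the extension and the file name and format always agree.
store_type() {
  case "$1" in
    *.p12) echo PKCS12 ;;
    *)     echo JKS ;;
  esac
}

# Step 1 of the procedure: create the RSA keypair. -keypass is deliberately
# identical to -storepass because the Admin Console has a single password
# field and requires the keypair and keystore passwords to match.
create_sp_keystore() {
  keytool -genkeypair -keystore "$KEYSTORE" -storetype "$(store_type "$KEYSTORE")" \
    -alias "$ALIAS" -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 730 \
    -dname "CN=rsso-sp.example.com, O=Example, C=US" \
    -storepass "$STOREPASS" -keypass "$STOREPASS" </dev/null >/dev/null 2>&1
}

# Pre-flight check for the Admin Console values:
# 1. the alias exists and is a PrivateKeyEntry (a bare trusted cert cannot sign);
# 2. the store password also unlocks the private key, proven by generating a
#    CSR, which keytool can only do by signing with that key.
check_sp_keystore() {
  keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" -alias "$ALIAS" 2>/dev/null \
    | grep -q PrivateKeyEntry || return 1
  csr=$(mktemp)
  if keytool -certreq -keystore "$KEYSTORE" -alias "$ALIAS" \
       -storepass "$STOREPASS" -keypass "$STOREPASS" -file "$csr" >/dev/null 2>&1; then
    rc=0
  else
    rc=1
  fi
  rm -f "$csr"
  return $rc
}

# The IdP verifies the SP's signatures with the public certificate, so export
# it PEM-encoded (-rfc) for upload to the IdP. After copying the keystore to
# every cluster node, exporting on each node must yield an identical file.
export_sp_cert() {
  keytool -exportcert -rfc -keystore "$KEYSTORE" -storepass "$STOREPASS" \
    -alias "$ALIAS" -file "$1" >/dev/null 2>&1
}

# Usage, after sourcing this file in a shell that has keytool:
#   create_sp_keystore && check_sp_keystore && export_sp_cert sp-signing.pem
```

Passing the password as a literal `-storepass` argument exposes it in the process list; for real deployments keytool also accepts `-storepass:file <path>` and `-keypass:file <path>` (or the `:env` form) so the secret never appears on the command line. If you choose a PKCS12 store, the JDK itself refuses differing store and key passwords, which matches the Remedy SSO requirement.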