4.2

You are viewing documentation for an older version of Lenses.io View latest documentation here

Keystore

Enable SAML single-sign on by creating a keystore.

  • SAML needs a keystore with a generated key-pair.
  • SAML uses the key-pair to encrypt its communication with the IdP.

Create a keystore 

Use the Java keytool to create one.

keytool \
 -genkeypair \
 -storetype pkcs12 \
 -keystore lenses.p12 \
 -storepass my_password \
 -alias lenses \
 -keypass my_password \
 -keyalg RSA \
 -keysize 2048 \
 -validity 10000 

SettingDefinition
storetypeThe type of keystore (pkcs12 is industry standard, but jks also supported)
keystoreThe filename of the keystore
storepassThe password of the keystore
aliasThe name of the key-pair
keypassThe password of the key-pair (must be same as storepass for pkcs12 stores)

Add to configuration 

Reference the keystore file’s path and put the password info in the security.conf configuration file.

lenses.security.saml.keystore.location = "/path/to/lenses.p12"
lenses.security.saml.keystore.password = "my_password"
lenses.security.saml.key.password = "my_password"

See all SSO options .