4.3
Keystore
Enable SAML single sign-on by creating a keystore.
- SAML needs a keystore with a generated key-pair.
- SAML uses the key-pair to encrypt its communication with the IdP.
Create a keystore
Use the Java keytool to create one.
keytool \
-genkeypair \
-storetype pkcs12 \
-keystore lenses.p12 \
-storepass my_password \
-alias lenses \
-keypass my_password \
-keyalg RSA \
-keysize 2048 \
-validity 10000
Setting | Definition |
---|---|
storetype | The type of keystore (pkcs12 is the industry standard, but jks is also supported) |
keystore | The filename of the keystore |
storepass | The password of the keystore |
alias | The name of the key-pair |
keypass | The password of the key-pair (must be the same as storepass for pkcs12 stores) |
To ensure the keystore created is compatible with Lenses, please use the keytool utility of the exact Java version Lenses uses. To find the Java version used by Lenses:
docker run --rm \
--entrypoint "java" \
lensesio/lenses:${YOUR_LENSES_VERSION} \
--version
You could also opt to use the keytool bundled in the Docker image of your Lenses version:
mkdir -p lenses_keystores
docker run --rm \
-it \
--user "$(id -u):$(id -g)" \
-v "${PWD}/lenses_keystores:${PWD}/lenses_keystores" \
--entrypoint '/opt/lenses/jre/bin/keytool' \
lensesio/lenses:${YOUR_LENSES_VERSION} \
-genkeypair \
-storetype pkcs12 \
-keystore "${PWD}/lenses_keystores/lenses.p12" \
-storepass my_password \
-alias lenses \
-keypass my_password \
-keyalg RSA \
-keysize 2048 \
-validity 10000
Add to configuration
Reference the keystore file’s path and put the password info in the security.conf configuration file.
lenses.security.saml.keystore.location = "/path/to/lenses.p12"
lenses.security.saml.keystore.password = "my_password"
lenses.security.saml.key.password = "my_password"
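A pre-deployment check for the three settings above, as an added example that is not part of the Lenses documentation or product. The function names (conf_get, owner_only, check_saml_conf), the owner-only file permission requirement, detecting pkcs12 from a .p12/.pfx extension, and treating my_password as a placeholder are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Lenses code): lint the SAML keystore settings in security.conf.

# Print the quoted value of the first `key = "value"` line for key $1 in file $2.
conf_get() {
    k=$(printf '%s' "$1" | sed 's/\./\\./g')   # match the dots in the key literally
    sed -n "s/^[[:space:]]*${k}[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Succeed only if $1 grants no permission bits to group or others.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one FAIL line per finding; return 0 only if there are none.
check_saml_conf() {
    conf=$1
    rc=0
    loc=$(conf_get lenses.security.saml.keystore.location "$conf")
    store_pw=$(conf_get lenses.security.saml.keystore.password "$conf")
    key_pw=$(conf_get lenses.security.saml.key.password "$conf")

    if [ -z "$loc" ] || [ -z "$store_pw" ] || [ -z "$key_pw" ]; then
        echo "FAIL: a lenses.security.saml keystore setting is missing"; rc=1
    fi
    # Assumption: my_password is the page's stand-in value, not a real secret.
    if [ "$store_pw" = "my_password" ] || [ "$key_pw" = "my_password" ]; then
        echo "FAIL: placeholder password my_password is still configured"; rc=1
    fi
    # pkcs12 stores need keypass == storepass; the type is guessed from the extension.
    case $loc in
        *.p12|*.pfx)
            [ "$store_pw" = "$key_pw" ] ||
                { echo "FAIL: key.password differs from keystore.password"; rc=1; } ;;
    esac
    # Assumption: keystore (private key) and security.conf (passwords) are owner-only.
    for f in "$loc" "$conf"; do
        [ -n "$f" ] || continue
        if [ ! -f "$f" ]; then
            echo "FAIL: $f does not exist"; rc=1
        elif ! owner_only "$f"; then
            echo "FAIL: $f is accessible to group or others"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_saml_conf.sh /path/to/security.conf
[ "$#" -eq 0 ] || check_saml_conf "$1"
```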
See all SSO options.