Enable SAML single-sign on by creating a keystore.

  • SAML needs a keystore with a generated key-pair.
  • SAML uses the key-pair to encrypt its communication with the IdP.

Create a keystore 

Use the Java keytool to create one.

keytool \
 -genkeypair \
 -storetype pkcs12 \
 -keystore lenses.p12 \
 -storepass my_password \
 -alias lenses \
 -keypass my_password \
 -keyalg RSA \
 -keysize 2048 \
 -validity 10000

storetypeThe type of keystore (pkcs12 is industry standard, but jks also supported)
keystoreThe filename of the keystore
storepassThe password of the keystore
aliasThe name of the key-pair
keypassThe password of the key-pair (must be same as storepass for pkcs12 stores)

Add to configuration 

Reference the keystore file’s path and put the password info in the security.conf configuration file. = "/path/to/lenses.p12" = "my_password" = "my_password"

See all SSO options.

Last modified: July 17, 2024