Last active
June 3, 2021 21:49
-
-
Save jeffjohnson9046/2c1a5094c062df92ebfcd05eb2a229ff to your computer and use it in GitHub Desktop.
Create a SAML keystore for SSO
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a password-protected keystore. Change the -keypass value to a password that meets your password policy. LastPass (or some other password generator) can come in handy here for creating a password. | |
| keytool -genkeypair -alias my-service-provider -keypass password -keyalg RSA -keysize 2048 -keystore my-sso-keystore.jks | |
| # Use openssl to get the identity provider's public key as a file named sso.crt. | |
| openssl s_client -connect my-sso-domain.example.com:443 > sso.crt | |
| # Open the sso.crt file in any editor and remove everything around the BEGIN and END lines. If required, concatenate with any intermediate certificates. | |
| vi sso.crt | |
| # When done editing, the file should look similar to this: | |
| # -----BEGIN CERTIFICATE----- | |
| # // This is where the certificate content is | |
| # -----END CERTIFICATE----- | |
| # Import the certificate into the keystore. When prompted, press Y to trust the cert being imported | |
| keytool -import -trustcacerts -alias sso -file ./sso.crt -keystore ./my-sso-keystore.jks | |
| # Verify (provide the password when prompted): | |
| keytool -list -keystore ./my-sso-keystore.jks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment