Create a SAML keystore for SSO
# Create a password-protected keystore. Change the -keypass value to a password that meets your password policy; a password generator such as LastPass can help here.
# A password given on the command line ends up in shell history and is visible in the process list; omit -keypass to have keytool prompt for it instead.
keytool -genkeypair -alias my-service-provider -keypass password -keyalg RSA -keysize 2048 -keystore my-sso-keystore.jks
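# Use openssl to save the identity provider's certificate (which contains its public key) to a file named sso.crt.
# Redirecting stdin from /dev/null makes s_client exit after the handshake instead of waiting for input.
openssl s_client -connect my-sso-domain.example.com:443 </dev/null > sso.crt
# Open the sso.crt file in any editor and remove everything outside the BEGIN CERTIFICATE and END CERTIFICATE lines. If required, concatenate with any intermediate certificates.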
vi sso.crt
# When done editing, the file should look similar to this:
# -----BEGIN CERTIFICATE-----
# // This is where the certificate content is
# -----END CERTIFICATE-----
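# Import the certificate into the keystore. keytool prints the certificate's fingerprints before asking; compare them with a value obtained from the identity provider, then press Y to trust the cert being imported.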
keytool -import -trustcacerts -alias sso -file ./sso.crt -keystore ./my-sso-keystore.jks
# Verify (provide the password when prompted):
keytool -list -keystore ./my-sso-keystore.jks
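
The manual cleanup of sso.crt above can be done with a filter, and the fingerprint can be printed for an out-of-band comparison before the import. This is an added example, not part of the original gist; the function names and the sample `s_client` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist). Function names are hypothetical.

# extract_pem_certs: read `openssl s_client` output on stdin and print only
# complete PEM certificate blocks. A block that starts but never reaches its
# END line (truncated output) is dropped. Returns 1 if no complete block exists.
extract_pem_certs() {
  awk '
    /^-----BEGIN CERTIFICATE-----/ { inside = 1; buf = "" }
    inside                         { buf = buf $0 "\n" }
    /^-----END CERTIFICATE-----/   { if (inside) { printf "%s", buf; n++ }
                                     inside = 0 }
    END { exit (n > 0 ? 0 : 1) }
  '
}

# fetch_idp_cert HOST [PORT]: print the server certificate presented by HOST.
fetch_idp_cert() {
  openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null |
    extract_pem_certs
}

# show_cert_identity FILE: subject, issuer, expiry and SHA-256 fingerprint,
# to compare with values obtained from the identity provider's administrators.
show_cert_identity() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Constructed sample of s_client output; the body is a placeholder, not a
# real certificate, so only extract_pem_certs can be exercised with it.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=0 CN = my-sso-domain.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERBASE64NOTAREALCERTIFICATE
-----END CERTIFICATE-----
subject=CN = my-sso-domain.example.com
---
'

# Typical use (needs network access, so it is left commented out):
#   fetch_idp_cert my-sso-domain.example.com > sso.crt && show_cert_identity sso.crt
```

If `fetch_idp_cert` returns non-zero, sso.crt is empty and should not be imported.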