Generate Back Office Keystore and IdP File - ABO - Reference Guides

Back Office Configuration Guide

Product: ABO
AFS_Version: 7.11
Category: Reference Guides
Language: English
Audience: public

A SAML certificate is needed in order to sign the messages sent to the Identity Provider. The Identity Provider verifies these signatures with the public part of the certificate, which is how it ensures that a message genuinely comes from the Back Office.

The private key and its certificate are stored in a Java keystore. This article explains how to generate it.

Run the following commands as the antidot user:

cd /usr/local/afs7/bo-server/saml
/usr/local/afs7/contrib/openjdk/8/bin/keytool -genkeypair -alias BO -keypass ${KEY_PASSWORD} -keystore keystore.jks -storepass ${KEYSTORE_PASSWORD} -keyalg RSA -keysize 2048 -validity 3650

When prompted, answer the following questions:

What is your first and last name?
${NAME}
What is the name of your organizational unit?
${UNIT}
What is the name of your organization?
${COMPANY}
What is the name of your City or Locality?
${CITY}
What is the name of your State or Province?
${STATE}
What is the two-letter country code for this unit?
${COUNTRY_CODE}
Is CN=${NAME}, OU=${UNIT}, O=${COMPANY}, L=${CITY}, ST=${STATE}, C=${COUNTRY_CODE} correct?
yes

The answers to these questions make up the subject DN (shown in the final confirmation prompt) of the self-signed certificate that keytool stores in the keystore.

The keystore.jks file must be stored in the following directory:

/usr/local/afs7/bo-server/saml
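The same generation done non-interactively, as an added example that is not part of this guide: it builds the subject DN from the six answers above, passes both passwords through the environment instead of the command line, restricts the file permissions, exports the public certificate that the Identity Provider needs, and checks the result. The paths are the ones given in this guide; the environment variable names and the bo-saml-public.crt file name are assumptions.

```sh
#!/bin/sh
# Added example, not part of the ABO guide. Assumes it is run as the antidot
# user with KEYSTORE_PASSWORD and KEY_PASSWORD set in the environment, so the
# secrets never appear in shell history or in `ps` output.
set -eu

KEYTOOL="${KEYTOOL:-/usr/local/afs7/contrib/openjdk/8/bin/keytool}"
SAML_DIR="${SAML_DIR:-/usr/local/afs7/bo-server/saml}"

# Escape commas inside a DN attribute value ("Acme, Inc." -> "Acme\, Inc.")
# so keytool does not read them as attribute separators.
dn_escape() {
    printf '%s' "$1" | sed 's/,/\\,/g'
}

# Build the subject DN from the six fields keytool would otherwise prompt for:
# name, organizational unit, organization, city, state, two-letter country.
saml_dname() {
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$6"
}

# Create keystore.jks readable by the current user only, export the public
# certificate as PEM for the IdP administrator, and verify that the keystore
# holds the BO private key entry.
generate_saml_keystore() {
    dname=$1
    ks="$SAML_DIR/keystore.jks"
    umask 077
    "$KEYTOOL" -genkeypair -alias BO -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "$dname" -keystore "$ks" \
        -storepass:env KEYSTORE_PASSWORD -keypass:env KEY_PASSWORD
    "$KEYTOOL" -exportcert -rfc -alias BO -keystore "$ks" \
        -storepass:env KEYSTORE_PASSWORD -file "$SAML_DIR/bo-saml-public.crt"
    # JKS stores aliases in lower case, so match case-insensitively.
    "$KEYTOOL" -list -keystore "$ks" -storepass:env KEYSTORE_PASSWORD \
        | grep -qi '^bo,.*privatekeyentry'
}

# Only touches the SAML directory when explicitly asked to (constructed values).
if [ "${RUN_GENERATION:-0}" = 1 ]; then
    generate_saml_keystore \
        "$(saml_dname 'bo.example.com' 'IT' 'Acme, Inc.' 'Paris' 'IDF' 'FR')"
fi
```

Hand bo-saml-public.crt (the public certificate only, never keystore.jks) to whoever administers the Identity Provider.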

The generation of the IdP metadata file is the customer's responsibility. Once generated, it must be stored in the following directory:

/usr/local/afs7/bo-server/saml