Generate Back Office Keystore and IdP File - ABO - Reference Guides


A SAML certificate is needed to sign the messages sent to the Identity Provider. The Identity Provider verifies these messages with the public part of the certificate to ensure that they are genuine.

The private key and its certificate are stored in a Java keystore. This article explains how to generate it.

Run the following commands as the antidot user:

cd /usr/local/afs7/bo-server/saml
/usr/local/afs7/contrib/openjdk/8/bin/keytool -genkeypair -alias BO -keypass ${Key_Password} -keystore keystore.jks -storepass ${Keystore_Password} -keyalg RSA -keysize 2048 -validity 3650

When prompted, answer the following questions:

What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=${Name}, OU=${Unit}, O=${Company}, L=${City}, ST=${State}, C=${Country_Code} correct?

The answers to these questions form the subject name (DN) of the certificate stored in the keystore.
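The same generation as a non-interactive script, added here as an example and not part of the original guide: passwords on the keytool command line end up in shell history and in the process list, so this version reads them from environment variables with keytool's -storepass:env / -keypass:env options, passes the DN with -dname instead of answering prompts, and exports the public certificate for the Identity Provider. The KEYTOOL and SAML_DIR variables, the 12-character password rule and the bo-saml.crt file name are assumptions; the paths default to those used in the guide.

```shell
#!/bin/sh
# Added example, not the guide's own script. Generates the Back Office SAML
# keystore without interactive prompts and without passwords on the command line.
set -eu

# Assumed defaults: the guide's keytool and saml directory paths.
KEYTOOL=${KEYTOOL:-/usr/local/afs7/contrib/openjdk/8/bin/keytool}
SAML_DIR=${SAML_DIR:-/usr/local/afs7/bo-server/saml}

# Assumed local policy: keytool itself only requires 6 characters.
check_password() { [ "${#1}" -ge 12 ]; }

# Country must be a two-letter uppercase ISO code, as keytool expects.
check_country() { case $1 in [A-Z][A-Z]) return 0 ;; *) return 1 ;; esac; }

# Build the subject DN from the six prompt answers; commas inside a value
# (e.g. "Antidot, Inc.") are escaped so they do not become extra DN fields.
build_dname() {
  esc() { printf '%s' "$1" | sed 's/,/\\,/g'; }
  printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
    "$(esc "$1")" "$(esc "$2")" "$(esc "$3")" \
    "$(esc "$4")" "$(esc "$5")" "$(esc "$6")"
}

# Generate keystore.jks in SAML_DIR and export the public certificate.
# Requires STORE_PASSWORD and KEY_PASSWORD to be set in the environment.
generate_keystore() {
  dname=$1
  : "${STORE_PASSWORD:?set STORE_PASSWORD}" "${KEY_PASSWORD:?set KEY_PASSWORD}"
  check_password "$STORE_PASSWORD" && check_password "$KEY_PASSWORD"
  cd "$SAML_DIR"
  "$KEYTOOL" -genkeypair -alias BO -keyalg RSA -keysize 2048 -validity 3650 \
    -dname "$dname" -keystore keystore.jks \
    -storepass:env STORE_PASSWORD -keypass:env KEY_PASSWORD
  # Only the private key must stay local; the IdP receives the certificate.
  chmod 600 keystore.jks
  "$KEYTOOL" -exportcert -rfc -alias BO -keystore keystore.jks \
    -storepass:env STORE_PASSWORD -file bo-saml.crt
}

# Usage (values are constructed placeholders):
#   STORE_PASSWORD=... KEY_PASSWORD=... \
#   generate_keystore "$(build_dname bo.example.com IT 'Antidot, Inc.' Paris IDF FR)"
```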

The keystore.jks file must be stored in the following directory:


The generation of the IdP metadata file is the customer's responsibility. Once generated, it must be stored in the following directory: