How to Setup a Java KeyStore for a SAML Configuration

Goal

Create a KeyStore for implementing signed requests for SAML authentication

Learn

Prerequisites

A public certificate from the Identity Provider server must be available. Common file formats for this are .cer and .crt.

Identify the following values before starting; they are used throughout the steps below:

  • SERVICE_PROVIDER_ALIAS (e.g. datameersaml)
  • IDENTITY_PROVIDER_ALIAS (e.g. externalsaml)
  • KEYSTORE_FILENAME (e.g. datameersaml.keystore)

Step-by-step guide

1) Generate a new KeyStore and private key on the Datameer server by running this command:

keytool -genkey -alias <SERVICE_PROVIDER_ALIAS> -keyalg RSA -keystore <KEYSTORE_FILENAME>

This command will prompt for the following values:

  • A password/passphrase for the new KeyStore file.
  • The same password again, to confirm it.
  • Private key identifying attributes such as company name, organization name, etc.
  • A passphrase for the private key itself (this is the Service Provider Passphrase referenced in step 5).

2) Verify that the <KEYSTORE_FILENAME> is successfully created on the file system.

3) Import the Identity Provider public certificate into the KeyStore that was just created:

keytool -import -alias <IDENTITY_PROVIDER_ALIAS> -file <IDENTITY_PROVIDER_CERTIFICATE_FILE> -keystore <KEYSTORE_FILENAME>

4) Copy the <KEYSTORE_FILENAME> file to a known location on the Datameer server and ensure that the Linux file permissions allow the Datameer user to read the file. The file contains the service provider's private key, so no other user should be able to read it.

5) Log in to the Datameer GUI and edit the SAML configuration.

Input the KeyStore information including these values:

  • KeyStore Path (path to the <KEYSTORE_FILENAME>)
  • KeyStore Password (this was input during the first keytool command)
  • Service Provider Alias Name (<SERVICE_PROVIDER_ALIAS>)
  • Service Provider Passphrase (this was input during the first keytool command)
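The steps above as a POSIX shell script, added here as an example and not taken from the Datameer article: the keytool calls read the three variables from the environment, cert_format checks that the Identity Provider certificate is PEM or DER before importing it, verify_keystore confirms both aliases landed with the expected entry types, and perms_owner_only checks the step 4 permissions. The default alias and file names and the choice of -keysize 2048 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article. The defaults below are
# assumptions; override them from the environment.
set -e

SERVICE_PROVIDER_ALIAS="${SERVICE_PROVIDER_ALIAS:-datameersaml}"
IDENTITY_PROVIDER_ALIAS="${IDENTITY_PROVIDER_ALIAS:-externalsaml}"
KEYSTORE_FILENAME="${KEYSTORE_FILENAME:-datameersaml.keystore}"

# Prerequisite check: classify the IdP certificate without needing openssl.
# PEM starts with the BEGIN CERTIFICATE header; DER starts with an ASN.1
# SEQUENCE tag (0x30). keytool -import accepts both encodings.
cert_format() {
    if head -c 27 "$1" | grep -q -- '-----BEGIN CERTIFICATE-----'; then
        echo pem
    elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# Step 1: new KeyStore plus service provider key pair. keytool prompts for the
# store password, the DN attributes and the key passphrase; passwords are not
# passed on the command line so they stay out of shell history and ps output.
# -genkeypair is the current name of -genkey; -keysize 2048 is this example's choice.
generate_keystore() {
    keytool -genkeypair -alias "$SERVICE_PROVIDER_ALIAS" -keyalg RSA \
        -keysize 2048 -keystore "$KEYSTORE_FILENAME"
}

# Step 3: import the Identity Provider public certificate as a trusted entry.
import_idp_cert() {
    keytool -import -alias "$IDENTITY_PROVIDER_ALIAS" -file "$1" \
        -keystore "$KEYSTORE_FILENAME"
}

# Steps 2/3 check: both aliases present with the expected entry types
# (keytool -list prints one "alias, date, EntryType," line per entry).
verify_keystore() {
    listing=$(keytool -list -keystore "$KEYSTORE_FILENAME")
    printf '%s\n' "$listing" | grep -qi "^$SERVICE_PROVIDER_ALIAS,.*PrivateKeyEntry" &&
    printf '%s\n' "$listing" | grep -qi "^$IDENTITY_PROVIDER_ALIAS,.*trustedCertEntry"
}

# Step 4: the Datameer user must read the file, nobody else should. Returns 0
# when the group/other permission bits are all clear (e.g. after chmod 600).
perms_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

Run generate_keystore, then import_idp_cert <IDENTITY_PROVIDER_CERTIFICATE_FILE>, then verify_keystore; for step 4, chown the file to the Datameer service account and chmod 600 it, after which perms_owner_only should succeed.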