auth.admin.saml.keystore-path
Specify the location of the SAML keystore (Admin interface).
Key: auth.admin.saml.keystore-path
Type: File
Can be set in: global.cfg
Description
Set to the location of the Java keystore that stores the private key
Funnelback will use for SAML communications.
For example: $SEARCH_HOME/conf/samlAdminKeystore.jks
The Spring Security SAML reference at http://docs.spring.io/spring-security-saml/docs/1.0.2.RELEASE/reference/html/security.html provides details on how this keystore can be created with Java's keytool utility. That documentation also covers the creation of the private key described in auth.admin.saml.key-password, and configuring trust of certificates presented by other systems for SAML usage.
Warning: keytool may generate SHA-1 keys by default, which are considered
deprecated and may not work with all identity providers. Make sure you choose
an appropriate algorithm when creating keys with keytool.
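The warning above can be handled by naming the algorithms explicitly at creation time and then auditing the result. The script below is an added example, not part of the Funnelback documentation or tooling; the alias, distinguished name, validity period and the STOREPASS/KEYPASS environment variable names are assumptions, and only the keystore path comes from this page.

```sh
#!/bin/sh
# Added example, not Funnelback's own tooling. Assumed/hypothetical values:
# alias "saml-admin", the -dname, the validity, and the STOREPASS/KEYPASS
# environment variable names. Only the keystore path comes from the page.

# Falls back to the current directory if SEARCH_HOME is unset (assumption).
KEYSTORE="${SEARCH_HOME:-.}/conf/samlAdminKeystore.jks"
ALIAS="saml-admin"

# Generate the key pair with the key and signature algorithms stated
# explicitly, so the self-signed certificate does not depend on keytool's
# defaults. Passwords are read from the environment, not the command line.
create_keystore() {
  keytool -genkeypair -alias "$ALIAS" \
    -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
    -validity 730 -dname "CN=funnelback-admin.example.com" \
    -keystore "$KEYSTORE" -storetype JKS \
    -storepass:env STOREPASS -keypass:env KEYPASS
}

# Read `keytool -list -v` output on stdin and print "<alias> <algorithm>"
# for every certificate signed with SHA-1, MD5 or MD2.
weak_sigalgs() {
  awk -F': ' '
    /^Alias name:/ { name = $2 }
    /^Signature algorithm name:/ && $2 ~ /^(SHA1|MD5|MD2)with/ {
      split($2, a, " ")      # drop any trailing annotation after the name
      print name, a[1]
    }'
}

# Return 0 if clean, 1 if a weak algorithm is found, 2 if keytool failed.
audit_keystore() {
  listing=$(keytool -list -v -keystore "$KEYSTORE" -storepass:env STOREPASS) || return 2
  weak=$(printf '%s\n' "$listing" | weak_sigalgs)
  [ -z "$weak" ] && return 0
  echo "weak signature algorithm in $KEYSTORE:" >&2
  echo "$weak" >&2
  return 1
}

case "${1:-}" in
  create) create_keystore && audit_keystore ;;
  audit)  audit_keystore ;;
esac
```

Run it with `create` for a new keystore or `audit` for an existing one; the alias and passwords chosen here must match the related keystore password, key alias and key password settings listed under See Also.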
⚠ Caveats
This setting requires Jetty to be restarted to take effect.
See Also
- SAML authentication
- Enable SAML authentication (Admin interface).
- Specify the SAML identity provider's metadata URL (file:// or http://) (Admin interface).
- Specify the URL to log users out of the IdP (Admin interface).
- Specify the prefix for the SAML entity ID (Admin interface).
- Specify the password for SAML keystore (Admin interface).
- Specify the alias of private key to use in SAML keystore (Admin interface).
- Specify the password for private key in SAML keystore (Admin interface).
- Specify the location of the Groovy class which maps SAML users to their permissions.
- Specify the default URL to navigate to after an IdP initiated SSO login (Admin interface).