Generate Tenant Keystore and IdP File - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system: Debian
Category: Reference Guides
Audience: public
Version: 3.7

A SAML certificate (a private key together with its certificate) is needed to sign the messages sent to the Identity Provider. The Identity Provider verifies the signature using the public part of this certificate, which proves that the message is genuine.

The private key and its certificate are stored in a Java keystore (JKS). This article explains how to generate it.

Run the following commands:

cd /usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/saml
/usr/local/afs7/contrib/openjdk/8/bin/keytool -genkeypair -alias FT -storepass $KEYSTORE_PASSWORD -keypass $PRIVATE_KEY_PASSWORD -keystore keystore.jks -keyalg RSA -keysize 2048 -validity 3650

Where

  • -storepass: expects the password protecting the keystore file, which can hold several key entries and certificates.
  • -keypass: expects the password protecting this single key entry (the private key).
  • -validity: expects the certificate lifetime in days (3650 is about ten years).

Do not forget the $PRIVATE_KEY_PASSWORD and $KEYSTORE_PASSWORD values, as they will be required later.

When prompted, answer the following questions:

What is your first and last name?
$NAME
What is the name of your organizational unit?
$UNIT
What is the name of your organization?
$COMPANY
What is the name of your City or Locality?
$CITY
What is the name of your State or Province?
$STATE
What is the two-letter country code for this unit?
$COUNTRY_CODE
Is CN=$NAME, OU=$UNIT, O=$COMPANY, L=$CITY, ST=$STATE, C=$COUNTRY_CODE correct?

The answers to these questions form the subject distinguished name (DN) of the generated certificate. This is what the Identity Provider administrator sees when the public certificate is shared with them, so use accurate values.

The keystore.jks file must be stored in the following directory:

/usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/saml
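As an added example (not part of the Fluid Topics guide and not the product's own tooling), the following POSIX shell functions perform the same generation without interactive prompts and without placing the passwords on the command line, then check the result and export the public certificate to hand to the Identity Provider. The functions assume that KEYSTORE_PASSWORD and PRIVATE_KEY_PASSWORD are exported in the environment, use the keytool path from this page unless a KEYTOOL variable (an assumption of this example) overrides it, and pin -storetype JKS because newer keytool releases default to PKCS12.

```shell
#!/bin/sh
# Added example, not Fluid Topics' own tooling: non-interactive generation,
# verification and public-certificate export for the SAML keystore.
# Assumptions: KEYSTORE_PASSWORD and PRIVATE_KEY_PASSWORD are exported;
# KEYTOOL may override the keytool path given on this page.
KEYTOOL="${KEYTOOL:-/usr/local/afs7/contrib/openjdk/8/bin/keytool}"
ALIAS="FT"

# Build the subject DN from the same answers the interactive prompts ask for.
# The country code must be exactly two letters; keytool itself does not check this.
build_dname() {
    # $1 name, $2 unit, $3 company, $4 city, $5 state, $6 two-letter country code
    case "$6" in
        [A-Za-z][A-Za-z]) ;;
        *) echo "country code must be two letters: $6" >&2; return 1 ;;
    esac
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s\n' "$1" "$2" "$3" "$4" "$5" "$6"
}

# Generate the key pair with no prompts (-dname) and with the passwords read from
# the environment (-storepass:env / -keypass:env) instead of the command line,
# so they never appear in shell history or in the process list.
generate_keystore() {
    # $1 keystore path, $2 subject DN
    if [ -z "$KEYSTORE_PASSWORD" ] || [ -z "$PRIVATE_KEY_PASSWORD" ]; then
        echo "KEYSTORE_PASSWORD and PRIVATE_KEY_PASSWORD must be exported" >&2
        return 1
    fi
    if [ -e "$1" ]; then
        # Never silently replace a key the IdP already trusts.
        echo "refusing to overwrite existing keystore: $1" >&2
        return 1
    fi
    "$KEYTOOL" -genkeypair -alias "$ALIAS" -storetype JKS \
        -storepass:env KEYSTORE_PASSWORD -keypass:env PRIVATE_KEY_PASSWORD \
        -keystore "$1" -keyalg RSA -keysize 2048 -validity 3650 -dname "$2"
}

# Check that the keystore holds the private key entry under the expected alias.
verify_keystore() {
    # $1 keystore path
    "$KEYTOOL" -list -keystore "$1" -storepass:env KEYSTORE_PASSWORD |
        grep -qi "^${ALIAS},.*PrivateKeyEntry"
}

# Export only the public certificate (PEM) for the Identity Provider;
# the private key stays in the keystore.
export_sp_cert() {
    # $1 keystore path, $2 output PEM path
    "$KEYTOOL" -exportcert -rfc -alias "$ALIAS" -keystore "$1" \
        -storepass:env KEYSTORE_PASSWORD -file "$2"
}

# Usage on the Fluid Topics host, with both passwords exported beforehand:
#   DN=$(build_dname "$NAME" "$UNIT" "$COMPANY" "$CITY" "$STATE" "$COUNTRY_CODE")
#   KS=/usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/saml/keystore.jks
#   generate_keystore "$KS" "$DN" && verify_keystore "$KS" && export_sp_cert "$KS" sp-cert.pem
```

The command given earlier in this article passes both passwords as plain arguments, which records them in the shell history and exposes them in the process list while keytool runs; the :env form avoids that. DN values containing commas would need escaping before being passed to -dname.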

Generating the IdP metadata file is the customer's responsibility. Once generated, the file must be placed in the following directory:

/usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/saml