The default jbid_test_keystore.jks is useful for testing purpose, but in production you need to generate and use your own keystore as follows:
Generate your file using the keytool command:
keytool -genkey -alias secure-key -keyalg RSA -keystore secure-keystore.jksYou will be asked to enter a keystore password and a key password. Remember them to use in next steps.
Install your file to WEB-INF/classes/sso/saml/
inside standalone/deployments/platform.ear/exo.portal.web.portal.war if you are configuring eXo Platform SP/IDP.
Install it to WEB-INF/classes/
inside standalone/deployments/idp-sig.war if you are configuring idp-sig.war.
Modify picketlink configuration file to provide your keystore password and a key password. The picketlink configuration file is:
WEB-INF/conf/sso/saml/picketlink-sp.xml
inside standalone/deployments/platform.ear/exo.portal.web.portal.war
if you are configuring eXo Platform SP.
WEB-INF/conf/sso/saml/picketlink-idp.xml
inside standalone/deployments/platform.ear/exo.portal.web.portal.war
if you are configuring eXo Platform IDP.
WEB-INF/picketlink.xml
inside standalone/deployments/idp-sig.war
if you are configuring idp-sig.war.
The following configuration is for SP, similar for IDP and idp-sig.war:
<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
<Auth Key="KeyStoreURL" Value="/sso/saml/secure-keystore.jks"/>
<Auth Key="KeyStorePass" Value="keystore pass"/>
<Auth Key="SigningKeyPass" Value="key pass"/>
<Auth Key="SigningKeyAlias" Value="secure-key"/>
<ValidatingAlias Key="${gatein.sso.sp.host}" Value="secure-key"/>
</KeyProvider>