3.5.6. Generating and using your own keystore

The default jbid_test_keystore.jks is useful for testing purposes, but in production you need to generate and use your own keystore as follows:

  1. Generate your file using the keytool command:

    keytool -genkey -alias secure-key -keyalg RSA -keystore secure-keystore.jks

    You will be asked to enter a keystore password and a key password. Remember them; you will need them in the next steps.

  2. Install your file to WEB-INF/classes/sso/saml/ inside PLATFORM_*/standalone/deployments/platform.ear/exo.portal.web.portal.war if you are configuring eXo Platform SP/IDP. Install it to WEB-INF/classes/ inside PLATFORM_*/standalone/deployments/idp-sig.war if you are configuring idp-sig.war.

  3. Modify the PicketLink configuration file to provide your keystore password and key password. The PicketLink configuration file is:

    • WEB-INF/conf/sso/saml/picketlink-sp.xml inside PLATFORM_SP/standalone/deployments/platform.ear/exo.portal.web.portal.war if you are configuring eXo Platform SP.

    • WEB-INF/conf/sso/saml/picketlink-idp.xml inside PLATFORM_IDP/standalone/deployments/platform.ear/exo.portal.web.portal.war if you are configuring eXo Platform IDP.

    • WEB-INF/picketlink.xml inside PLATFORM_*/standalone/deployments/idp-sig.war if you are configuring idp-sig.war.

    The following configuration is for the SP; the IDP and idp-sig.war configurations are similar:

    
    <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
      <Auth Key="KeyStoreURL" Value="/sso/saml/secure-keystore.jks"/>
      <Auth Key="KeyStorePass" Value="keystore pass"/>
      <Auth Key="SigningKeyPass" Value="key pass"/>
      <Auth Key="SigningKeyAlias" Value="secure-key"/>
      <ValidatingAlias Key="${gatein.sso.sp.host}" Value="secure-key"/>
    </KeyProvider>
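As an added check that is not part of the eXo Platform or PicketLink documentation, the following Python script parses a `<KeyProvider>` block and flags the leftovers this procedure is meant to remove: a KeyStoreURL that still names jbid_test_keystore.jks, the placeholder passwords from the snippet above (plus the JDK's well-known default), and a missing SigningKeyAlias. Both sample configurations, and the path, alias and passwords in the fixed one, are constructed values.

```python
import xml.etree.ElementTree as ET

# Placeholder passwords that must not reach production: the two literal values
# from the documentation snippet plus the JDK's well-known keystore default.
PLACEHOLDER_PASSWORDS = {"keystore pass", "key pass", "changeit"}


def _local(tag):
    """Strip an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_key_provider(xml_text):
    """Return a list of findings for every <KeyProvider>; an empty list means none found."""
    root = ET.fromstring(xml_text)
    providers = [e for e in root.iter() if _local(e.tag) == "KeyProvider"]
    if not providers:
        return ["no <KeyProvider> element found"]
    findings = []
    for kp in providers:
        # <Auth Key="..." Value="..."/> children form the key manager's settings
        auth = {a.get("Key"): (a.get("Value") or "") for a in kp if _local(a.tag) == "Auth"}
        if "jbid_test_keystore" in auth.get("KeyStoreURL", ""):
            findings.append("KeyStoreURL still points at the default test keystore")
        for key in ("KeyStorePass", "SigningKeyPass"):
            if auth.get(key, "").strip().lower() in PLACEHOLDER_PASSWORDS:
                findings.append(f"{key} is a placeholder value")
        if not auth.get("SigningKeyAlias"):
            findings.append("SigningKeyAlias is missing")
    return findings


# Constructed sample: the SP snippet with the test keystore and the placeholder
# passwords left in place, wrapped in a root element so it parses on its own.
SAMPLE_UNSAFE = """<PicketLink>
<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
  <Auth Key="KeyStoreURL" Value="/sso/saml/jbid_test_keystore.jks"/>
  <Auth Key="KeyStorePass" Value="keystore pass"/>
  <Auth Key="SigningKeyPass" Value="key pass"/>
  <Auth Key="SigningKeyAlias" Value="secure-key"/>
  <ValidatingAlias Key="${gatein.sso.sp.host}" Value="secure-key"/>
</KeyProvider>
</PicketLink>"""

# Constructed sample of the same block after the procedure; these passwords are
# made-up illustration values, not real credentials.
SAMPLE_FIXED = SAMPLE_UNSAFE.replace("jbid_test_keystore.jks", "secure-keystore.jks") \
    .replace('Value="keystore pass"', 'Value="Ks-7tQv!example"') \
    .replace('Value="key pass"', 'Value="Key-9mZp!example"')

if __name__ == "__main__":
    for name, cfg in (("unsafe", SAMPLE_UNSAFE), ("fixed", SAMPLE_FIXED)):
        print(name, check_key_provider(cfg) or "OK")
```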
Copyright ©. All rights reserved. eXo Platform SAS