NOTE: Your assertion URL changes with the entity ID you set. For example:
Default assertion URL:
https://youririusriskdomain.com/saml/SSO/alias/iriusrisk-sp
Assertion URL with entity ID 'iriusrisk-prod-sp':
https://youririusriskdomain.com/saml/SSO/alias/iriusrisk-prod-sp
Defining the custom entity ID
You can configure a custom entity ID in your SAMLv2-config.groovy file. The first part to look for is this section:
// Custom entity id for the instance. If it doesn't exist it is set to iriusrisk-sp by default
// entityId = "iriusrisk-sp"
Uncomment the entityId line and set your own value. Example with the 'iriusrisk-prod-sp' entity ID:
// Custom entity id for the instance. If it doesn't exist it is set to iriusrisk-sp by default
entityId = "iriusrisk-prod-sp"
The next section to configure is the key defaults and the keyManager block. These are the default settings:
defaults = [
    // alias should correspond to your entity id
    alias: 'iriusrisk-sp',
    signingKey: 'iriusrisk-sp',
    encryptionKey: 'iriusrisk-sp',
    tlsKey: 'iriusrisk-sp',
]
keyManager {
    storeFile = 'file:/etc/irius/iriusrisk-sp.jks'
    storePass = 'changeit'
    passwords = [ 'iriusrisk-sp': 'changeit' ]
    defaultKey = 'iriusrisk-sp'
}
Edit it to look like this, using the example entity ID from above. Every 'iriusrisk-sp' alias becomes the new entity ID; only the keystore file name in storeFile stays as it is:
defaults = [
    // alias should correspond to your entity id
    alias: 'iriusrisk-prod-sp',
    signingKey: 'iriusrisk-prod-sp',
    encryptionKey: 'iriusrisk-prod-sp',
    tlsKey: 'iriusrisk-prod-sp',
]
keyManager {
    storeFile = 'file:/etc/irius/iriusrisk-sp.jks'
    storePass = 'changeit'
    passwords = [ 'iriusrisk-prod-sp': 'changeit' ]
    defaultKey = 'iriusrisk-prod-sp'
}
Create the signing cert and JKS
Enter the docker container:
docker exec -it iriusrisk-tomcat sh
Then run this command. It uses the example entity ID iriusrisk-prod-sp as the key alias; replace it with the entity ID you chose for your organization, because the alias must match entityId in the config:
keytool -genkey -alias "iriusrisk-prod-sp" -validity 1825 -keyalg RSA -keystore /etc/ssl/certs/java/cacerts
The keystore password is changeit and must match storePass in the keyManager block. The key password you are prompted for at the end (press RETURN to reuse the keystore password) must match the value given for the alias in the passwords map.
/ # keytool -genkey -alias "iriusrisk-prod-sp" -validity 1825 -keyalg RSA -keystore /etc/ssl/certs/java/cacerts
Enter keystore password:changeit
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Enter key password for <iriusrisk-prod-sp>
(RETURN if same as keystore password):
Exit the container and copy the keystore outside:
exit
docker cp iriusrisk-tomcat:/etc/ssl/certs/java/cacerts iriusrisk-sp.jks
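As an added example (not IriusRisk's own tooling and not part of the original article), the following POSIX shell check parses a SAMLv2-config.groovy fragment laid out as above and reports every alias that does not match entityId, which is the usual cause of a key lookup failure after this change; it also confirms, when keytool is available, that the copied JKS contains the alias. The two sample config fragments are constructed inline.

```shell
# Added example, not IriusRisk's own tooling: verify that every setting in
# SAMLv2-config.groovy that must carry the custom entity ID actually does,
# and (when keytool is present) that the keystore holds that alias.
# Print the quoted value of the first uncommented `KEY = '...'` / `KEY: '...'` line
cfg_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*[:=]" "$1" | head -n 1 \
        | sed -E "s/^[^'\"]*['\"]([^'\"]*)['\"].*/\1/"
}
# Return 0 if alias, signing/encryption/TLS keys, passwords map key and
# defaultKey all equal entityId; otherwise print each mismatch and return 1.
check_saml_config() {
    entity=$(cfg_value "$1" entityId)
    [ -n "$entity" ] || entity=iriusrisk-sp   # commented out => default alias applies
    rc=0
    for key in alias signingKey encryptionKey tlsKey passwords defaultKey; do
        v=$(cfg_value "$1" "$key")
        [ "$v" = "$entity" ] || { echo "MISMATCH: $key='$v', entityId='$entity'"; rc=1; }
    done
    return $rc
}
# Confirm the JKS contains the entity ID as a key alias (skipped without keytool)
check_keystore_alias() {   # usage: check_keystore_alias JKS STOREPASS ALIAS
    command -v keytool >/dev/null || { echo "keytool not found, skipping"; return 0; }
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}
# Constructed samples: the edited config from the article, and a copy where
# the passwords map still names the default alias (an easy line to miss).
good=$(mktemp); bad=$(mktemp); trap 'rm -f "$good" "$bad"' EXIT
cat > "$good" <<'EOF'
entityId = "iriusrisk-prod-sp"
defaults = [
    // alias should correspond to your entity id
    alias: 'iriusrisk-prod-sp',
    signingKey: 'iriusrisk-prod-sp',
    encryptionKey: 'iriusrisk-prod-sp',
    tlsKey: 'iriusrisk-prod-sp',
]
keyManager {
    storeFile = 'file:/etc/irius/iriusrisk-sp.jks'
    storePass = 'changeit'
    passwords = [ 'iriusrisk-prod-sp': 'changeit' ]
    defaultKey = 'iriusrisk-prod-sp'
}
EOF
sed "s/\[ 'iriusrisk-prod-sp':/[ 'iriusrisk-sp':/" "$good" > "$bad"
check_saml_config "$good" && echo "sample 1: consistent"
check_saml_config "$bad" || echo "sample 2: fix the lines above"
```

Run it against your real file with `check_saml_config /path/to/SAMLv2-config.groovy` and, after the docker cp step, `check_keystore_alias iriusrisk-sp.jks changeit iriusrisk-prod-sp`.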
Everything else in the configuration is the same as described in our original SAML documentation:
https://support.iriusrisk.com/hc/en-us/categories/4409690175121-SAML-LDAP-Integrations