Create and Set Up the Required Security Credentials

Security credentials are required to run the example.

Procedure

  1. Generate a key pair (a private key and associated public certificate) identified with the alias saml, in a keystore file called saml.jks:

          keytool -genkeypair -keystore saml.jks -keyalg RSA -sigalg SHA1withRSA -alias saml

    keytool will prompt you for the following information. You must enter "SAML" for both the "first and last name" and "organizational unit" prompts; you can use any values for the other prompts.

          Enter keystore password:
          Re-enter new password:
          What is your first and last name?
           [Unknown]:  SAML
          What is the name of your organizational unit?
           [Unknown]:  SAML
          What is the name of your organization?
           [Unknown]:
          What is the name of your City or Locality?
           [Unknown]:
          What is the name of your State or Province?
           [Unknown]:
          What is the two-letter country code for this unit?
           [Unknown]:
          Is CN=SAML, OU=SAML, O=Unknown, L=Unknown, ST=Unknown,
          C=Unknown correct?
           [no]:  yes
          
          Enter key password for <saml>
           (RETURN if same as keystore password):
          Re-enter new password:

    The <saml> private key will be used by SAMLAuthDemo to sign the outgoing message request. The public certificate will be used by ActiveMatrix BPM to authenticate the incoming message request.

  2. Export the public certificate for the saml entry to the saml.cert file:

          keytool -exportcert -keystore saml.jks -alias saml -file saml.cert

  3. Import the public certificate into the trust store used by ActiveMatrix BPM to authenticate incoming service requests:

          keytool -importcert -keystore CONFIG_HOME\bpm\amx.bpm.app\keystores\amx-bpm-wss-truststore.jks -file saml.cert -alias saml

    See "Configuring TIBCO ActiveMatrix BPM to Use SSO to Authenticate Web Service Requests > Configuring TIBCO ActiveMatrix BPM to Access a Client's Public Certificate" in TIBCO ActiveMatrix BPM - BPM Administration for more information about this trust store.

  4. Convert the saml.jks keystore to the pkcs12 format, so that it can be imported into Microsoft Certificate Manager:

          keytool -importkeystore -srckeystore saml.jks -destkeystore saml.p12 -deststoretype pkcs12 -srcstorepass password -deststorepass password

     Replace password with the keystore password you set in step 1 (for -srcstorepass) and with the password that will protect the saml.p12 file (for -deststorepass).

  5. Import the private key into Microsoft Certificate Manager. To do this:
    1. From Windows Explorer, right-click the saml.p12 file and select Install PFX.
    2. When the Certificate Import Wizard appears, click Next to continue.
    3. In the File to Import screen, verify that the displayed file name is correct, then click Next.
    4. In the Password screen, enter the password that you set earlier for the <saml> private key, then click Next.
    5. In the Certificate Store screen, click Place all certificates in the following store and use Browse to select the Trusted People certificate store.
    6. Click OK, then click Next.
    7. Click Finish.

      SAMLAuthDemo can now access this certificate store to sign the SAML assertion with the private key on an outgoing message request.
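The following script is an added example, not part of the TIBCO documentation: it runs steps 1 through 5 non-interactively from PowerShell (keytool with -dname and -storepass instead of prompts, Import-PfxCertificate instead of the wizard) and then checks that the trust store entry and the Trusted People entry hold the same certificate that was exported from saml.jks. It assumes keytool is on PATH, that $env:CONFIG_HOME points at the ActiveMatrix BPM configuration directory, and that the passwords and the SHA256withRSA default (chosen because SHA-1 signatures are deprecated; revert to SHA1withRSA if your BPM version requires it) are placeholders to adjust.

```powershell
# Added example, not from the TIBCO page: steps 1-5 without prompts, followed by
# a fingerprint check of the trust store and Trusted People entries.
# Assumptions: keytool (JDK) on PATH, $env:CONFIG_HOME set, placeholder passwords.
$ErrorActionPreference = 'Stop'

$StorePass  = 'changeit'   # placeholder: keystore and key password from step 1
$TrustStore = Join-Path $env:CONFIG_HOME 'bpm\amx.bpm.app\keystores\amx-bpm-wss-truststore.jks'
$TrustPass  = 'changeit'   # placeholder: BPM trust store password
# The page uses SHA1withRSA; SHA-1 signatures are deprecated, so the default here is
# SHA256withRSA (assumption: accepted by your BPM version). Override if necessary.
$SigAlg     = 'SHA256withRSA'

function Invoke-Keytool {
    # keytool is a native command, so failure has to be detected via the exit code.
    param([string[]]$KeytoolArgs)
    & keytool @KeytoolArgs
    if ($LASTEXITCODE -ne 0) { throw "keytool $($KeytoolArgs[0]) failed with exit code $LASTEXITCODE" }
}

# Step 1: key pair; -dname supplies the prompt answers (CN and OU must be SAML).
Invoke-Keytool @('-genkeypair','-keystore','saml.jks','-storepass',$StorePass,'-keypass',$StorePass,
    '-keyalg','RSA','-keysize','2048','-sigalg',$SigAlg,'-alias','saml',
    '-dname','CN=SAML, OU=SAML, O=Unknown, L=Unknown, ST=Unknown, C=Unknown')
# Step 2: export the public certificate.
Invoke-Keytool @('-exportcert','-keystore','saml.jks','-storepass',$StorePass,'-alias','saml','-file','saml.cert')
# Step 3: import it into the BPM trust store (-noprompt skips the "Trust this certificate?" question).
Invoke-Keytool @('-importcert','-noprompt','-keystore',$TrustStore,'-storepass',$TrustPass,'-alias','saml','-file','saml.cert')
# Step 4: convert to PKCS#12 for the Windows certificate store.
Invoke-Keytool @('-importkeystore','-srckeystore','saml.jks','-srcstorepass',$StorePass,
    '-destkeystore','saml.p12','-deststoretype','pkcs12','-deststorepass',$StorePass)
# Step 5: import the PFX into Trusted People for the current user (the wizard steps on the page).
$SecurePass = ConvertTo-SecureString $StorePass -AsPlainText -Force
$Imported = Import-PfxCertificate -FilePath saml.p12 -CertStoreLocation Cert:\CurrentUser\TrustedPeople -Password $SecurePass

# Check: the SHA-1 fingerprint keytool prints for saml.cert must equal the thumbprint
# of the Windows store entry and the fingerprint of the trust store entry.
function Get-KeytoolSha1 {
    param([string[]]$Listing)
    $Line = $Listing | Where-Object { $_ -match 'SHA1:' } | Select-Object -First 1
    return ($Line -replace '.*SHA1:\s*', '') -replace ':', ''
}
$CertFp  = Get-KeytoolSha1 (& keytool -printcert -file saml.cert)
$TrustFp = Get-KeytoolSha1 (& keytool -list -v -keystore $TrustStore -storepass $TrustPass -alias saml)
if ($TrustFp -ne $CertFp)             { throw "trust store entry 'saml' does not match saml.cert" }
if ($Imported.Thumbprint -ne $CertFp) { throw "Trusted People entry does not match saml.cert" }
Write-Host "saml key pair created; trust store and Trusted People both hold $CertFp"
```

Run it from the directory where saml.jks should be created; if the key pair already exists, keytool -genkeypair fails and the script stops before touching the trust store.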