SAML Support

Genesys Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication.

Configuring SAML

To enable SAML, make the following configuration changes in the server-settings.yaml file on each of your Workspace Web Edition & Web Services nodes:

Start

1. Set the following options in the SSL and CA section:
   • caCertificate — should point to a JKS key storage that includes the SAML encryption key. See Generating Security Keys for details.
   • jksPassword — should be the password for the caCertificate key storage.
2. Set the following option in the SAML section:
   • samlSettings — the following properties are mandatory:
     • encryptionKeyName
     • signingKeyName
     • identityProviderMetadata
3. Save the changes to the server-settings.yaml file. Your configuration should look something like this:

# SSL and CA
caCertificate: /Users/samluser/Documents/Keys/keystore.jks
jksPassword: password

# SAML
samlSettings:
    serviceProviderEntityId: genesys.staging.htcc
    encryptionKeyName: client
    signingKeyName: client
    identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml

End

Generating Security Keys

You can use the keytool utility that comes with the Java SDK to generate a JKS key store. Use the following command:

keytool -genkey -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name>

If you already have a JKS key store, you can add a key to it by executing the command above with the same file name and the new key name and key password. For example:

keytool -genkey -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=HTCC, OU=R&D, O=Genesys, L=Daly City, S=California, C=US"