(Update with the copy of version: 8.5.2) |
|||
Line 1: | Line 1: | ||
=SAML Support= | =SAML Support= | ||
− | Genesys Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication. | + | Genesys Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication. |
+ | |||
+ | ==Configuring SAML== | ||
+ | To enable SAML, make the following configuration changes in the '''server-settings.yaml''' file on each of your Workspace Web Edition & Web Services nodes:<br/> | ||
+ | |||
+ | '''Start''' | ||
+ | # Set the following options in the SSL and CA section: | ||
+ | #* [[Documentation:HTCC:Dep:HTCCConfigurationOptionsReference#caCertificate|caCertificate]] — should point to a JKS key storage that includes the SAML encryption key. See [[SecuredConnectionsSAML#Generating_Security_Keys|Generating Security Keys]] for details. | ||
+ | #* [[Documentation:HTCC:Dep:HTCCConfigurationOptionsReference#jksPassword|jksPassword]] — should be the password for the '''caCertificate''' key storage. | ||
+ | # Set the following option in the SAML section: | ||
+ | #* [[Documentation:HTCC:Dep:HTCCConfigurationOptionsReference#samlSettings|samlSettings]] — the following properties are mandatory: | ||
+ | #** encryptionKeyName | ||
+ | #** signingKeyName | ||
+ | #** identityProviderMetadata | ||
+ | # Save the changes to the '''server-settings.yaml''' file. Your configuration should look something like this: | ||
+ | <source lang="text"> | ||
+ | # SSL and CA | ||
+ | caCertificate: /Users/samluser/Documents/Keys/keystore.jks | ||
+ | jksPassword: password | ||
+ | |||
+ | # SAML | ||
+ | samlSettings: | ||
+ | serviceProviderEntityId: genesys.staging.htcc | ||
+ | encryptionKeyName: client | ||
+ | signingKeyName: client | ||
+ | identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml | ||
+ | </source> | ||
+ | '''Stop''' | ||
+ | |||
+ | ==Generating Security Keys== | ||
+ | You can use the keytool utility that comes with the Java SDK to generate a JKS key store. Use the following command: | ||
+ | <source lang="text"> | ||
+ | keytool -genkey -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name> | ||
+ | </source> | ||
+ | |||
+ | If you already have a JKS key store, you can add a key to it by executing the command above with the same file name and the new key name and key password. For example: | ||
+ | <source lang="text"> | ||
+ | keytool -genkey -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=HTCC, OU=R&D, O=Genesys, L=Daly City, S=California, C=US" | ||
+ | </source> | ||
+ | |||
+ | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:V:HTCC:8.5.2DRAFT]] | [[Category:V:HTCC:8.5.2DRAFT]] |
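Review bot: the caCertificate bullet under Configuring SAML says the key store must include "the SAML encryption key", but signingKeyName is listed as mandatory a few bullets later, so the text should say the store has to hold the signing key as well (or one key used for both, as the sample does with `client`). The sample also sets serviceProviderEntityId, which the mandatory list does not mention; state whether it is optional. In Generating Security Keys the example creates the alias `encryption_key` while the sample settings reference `client`, so a reader following both ends up with names that do not match; use one alias throughout. The keytool lines pass -keypass and -storepass as command-line arguments and the sample keeps `jksPassword: password` in the file, so a sentence on restricting read access to server-settings.yaml and the key store, and on replacing the example passwords, is worth adding. In the first source block the properties under samlSettings appear without indentation, which would make them top-level keys if copied as shown.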
Revision as of 14:02, February 24, 2015
SAML Support
Genesys Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication.
Configuring SAML
To enable SAML, make the following configuration changes in the server-settings.yaml file on each of your Workspace Web Edition & Web Services nodes:
Start
1. Set the following options in the SSL and CA section:
   - caCertificate — should point to a JKS key store that includes the SAML encryption key. See Generating Security Keys for details.
   - jksPassword — should be the password for the caCertificate key store.
2. Set the following option in the SAML section:
   - samlSettings — the following properties are mandatory:
     - encryptionKeyName
     - signingKeyName
     - identityProviderMetadata
3. Save the changes to the server-settings.yaml file. Your configuration should look something like this:

    # SSL and CA
    caCertificate: /Users/samluser/Documents/Keys/keystore.jks
    jksPassword: password

    # SAML
    samlSettings:
        serviceProviderEntityId: genesys.staging.htcc
        encryptionKeyName: client
        signingKeyName: client
        identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml

Stop
Generating Security Keys
You can use the keytool utility that comes with the Java SDK to generate a JKS key store. Use the following command:

    keytool -genkey -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name>

If you already have a JKS key store, you can add a key to it by executing the command above with the same file name and the new key name and key password. For example:

    keytool -genkey -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=HTCC, OU=R&D, O=Genesys, L=Daly City, S=California, C=US"
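
A preflight check for the configuration described above, added here as an example and not Genesys code: it confirms that the mandatory samlSettings properties are set and that encryptionKeyName and signingKeyName name private key entries in the key store. The function names, the simplified settings parser and both sample inputs are assumptions constructed for illustration; the listing imitates `keytool -list` output, whose date format depends on the locale.

```python
import re

MANDATORY_SAML = ("encryptionKeyName", "signingKeyName", "identityProviderMetadata")
# Constructed inputs: settings modelled on the page's sample, and `keytool -list`
# output for a store that holds only the page's encryption_key alias.
SETTINGS = """\
caCertificate: /opt/keystore.jks
jksPassword: genesys
samlSettings:
    encryptionKeyName: client
    signingKeyName: client
    identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml
"""
LISTING = """\
encryption_key, Feb 24, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
"""

def parse_settings(text):
    """Read the sample's two-level 'key: value' layout (not a full YAML parser)."""
    cfg, section = {}, None
    for line in filter(None, (raw.split("#", 1)[0].rstrip() for raw in text.splitlines())):
        key, _, value = (part.strip() for part in line.partition(":"))
        if line[0].isspace() and section:
            cfg[section][key] = value          # property of the open section
        else:
            section, cfg[key] = (None, value) if value else (key, {})
    return cfg

def keystore_entries(listing):
    """Map lower-cased alias -> entry type from `keytool -list` output."""
    pat = re.compile(r"^([^,]+), .*?\b(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)\b")
    return {m.group(1).lower(): m.group(2) for m in map(pat.match, listing.splitlines()) if m}

def check(settings_text, listing):
    """Return a list of problems; an empty list means the preflight passed."""
    cfg, entries, problems = parse_settings(settings_text), keystore_entries(listing), []
    problems += [f"{o} is not set" for o in ("caCertificate", "jksPassword") if not cfg.get(o)]
    saml = cfg["samlSettings"] if isinstance(cfg.get("samlSettings"), dict) else {}
    problems += [f"samlSettings.{p} is not set" for p in MANDATORY_SAML if not saml.get(p)]
    for prop in ("encryptionKeyName", "signingKeyName"):
        alias = saml.get(prop)
        # JKS aliases are case-insensitive, so compare in lower case.
        if alias and entries.get(alias.lower()) != "PrivateKeyEntry":
            problems.append(f"{prop} '{alias}' has no private key entry in the keystore")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SETTINGS, LISTING)) or "preflight passed")
```

With the constructed inputs the check reports both key names, because the settings reference `client` while the store only contains `encryption_key`.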