In order to set up Airlock IAM as SAML 2.0 Service Provider (SP), you need the following:
- SAML metadata file of the IdP ("idp.xml")
- Public URLs of the IAM acting as SP (domain, deployment path, etc.)
- A JKS or PKCS12 key store with a private key and certificate (may be self-signed and valid for a long time) to digitally sign SAML assertions; for productive systems, two keys are preferable: one for signing and one for encryption
- The password for the key store
- The password for the private key (if it is password protected within the key store; for simplicity, it is recommended to use the same password as for the key store)
- The alias (also called "friendly name") of the certificate in the key store
How to create a key store and export its public key is described here: 17.4.6.6. Creating a key store for SAML
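The following added example (not Airlock's own tooling) creates a key store matching the prerequisites above and checks the three values the IAM configuration will need from it: the store password, the key password and the alias. It assumes the JDK `keytool` is installed; the aliases `saml-signing` and `saml-encryption`, the password `changeit`, the subject names and the file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not Airlock IAM's own code. Assumes the JDK "keytool" is
# installed; aliases, password, subject names and paths are constructed.

# Create a PKCS12 key store holding two self-signed RSA key pairs, one for
# signing and one for encryption, each valid for ten years. The key store
# password and the key password are the same, as the prerequisites recommend.
# $1 = key store path, $2 = password
create_saml_keystore() {
    store="$1"; pass="$2"
    for alias in saml-signing saml-encryption; do
        keytool -genkeypair -alias "$alias" -keyalg RSA -keysize 2048 \
            -validity 3650 -dname "CN=iam-sp-$alias, O=Example" \
            -keystore "$store" -storetype PKCS12 \
            -storepass "$pass" -keypass "$pass" >/dev/null 2>&1
    done
}

# Return 0 if alias $3 exists in key store $1 and password $2 opens the store,
# otherwise non-zero. A wrong alias or password configured in IAM fails here.
# $1 = key store path, $2 = password, $3 = alias
keystore_has_alias() {
    keytool -list -keystore "$1" -storetype PKCS12 -storepass "$2" \
        -alias "$3" >/dev/null 2>&1
}

# Export the public certificate of alias $3 as PEM to file $4. Only this
# certificate, never the private key, is handed to the IdP in the SP metadata.
# $1 = key store path, $2 = password, $3 = alias, $4 = output file
export_saml_cert() {
    keytool -exportcert -rfc -keystore "$1" -storetype PKCS12 \
        -storepass "$2" -alias "$3" -file "$4" >/dev/null 2>&1
}

# Demo run, skipped when keytool is not available on this machine.
if command -v keytool >/dev/null 2>&1; then
    dir=$(mktemp -d)
    create_saml_keystore "$dir/saml-sp.p12" 'changeit'
    keystore_has_alias "$dir/saml-sp.p12" 'changeit' saml-signing \
        && echo "alias saml-signing found with the given password"
    export_saml_cert "$dir/saml-sp.p12" 'changeit' saml-signing "$dir/saml-signing.pem"
    head -1 "$dir/saml-signing.pem"   # -----BEGIN CERTIFICATE-----
fi
```

The exported PEM files are what you publish in the SP metadata; the .p12 file and its password stay in the SAML directory of the instance and are referenced by alias from the IAM configuration.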
To keep the various SAML files apart from the other Airlock IAM configuration files, it is advisable to create a separate SAML directory.
For this tutorial, we assume a directory named saml inside the Airlock IAM instance being configured (e.g. instances/auth/saml). It is referred to as the "SAML directory" from now on.