As of vCommander® 6.0, the SAML Single Sign On configuration requires administrators to upload a keystore for the Tomcat web server as a p12 file. We've made this change to enhance the end-to-end security that protects your user sessions. Before following the steps in this article, you must first have completed the steps in the article Generating and Installing an SSL Certificate or Generating and Installing an SSL Certificate with Active Directory Certificate Services.


Requirements


  • keystore contains a key pair named tomcat
  • keystore is protected with password changeit
  • key pair is not password protected

If you followed the Embotics SSL instructions exactly as written in the article referenced above, these requirements are already satisfied. Where you chose to use a different keystore, key pair or password, you must replace the relevant values in the procedure below. If you do not have the information, Embotics Technical Support will not be able to retrieve it for you.

Preparing the Keystore


  1. On the vCommander application server, open a command prompt and browse to <INSTALL_DIRECTORY>\Embotics\vCommander\jre\bin\.
  2. Issue the command keytool -importkeystore -srckeystore ..\..\tomcat\conf\keystore -srcstoretype JKS -srcalias tomcat -srcstorepass changeit -destkeystore ..\..\tomcat\conf\saml-keystore.p12 -deststoretype PKCS12 -deststorepass changeit2 -destalias saml

    This command extracts the key pair named tomcat from the original keystore and places it into the PKCS12 file saml-keystore.p12 under the alias saml. Passwords remain the same, if any were used.


  3. Retrieve the file <INSTALL_DIRECTORY>\Embotics\vCommander\tomcat\conf\saml-keystore.p12 and store it in a secure location.


Extracting the SAML Keypair Certificate



  1. On the vCommander application server, open a command prompt and browse to <INSTALL_DIRECTORY>\Embotics\vCommander\jre\bin\.
  2. Issue the command keytool -export -keystore ..\..\tomcat\conf\saml-keystore.p12 -storetype PKCS12 -storepass changeit2 -alias saml -file ..\..\tomcat\conf\saml-key.cer


  3. Retrieve the file <INSTALL_DIRECTORY>\Embotics\vCommander\tomcat\conf\saml-key.cer and store it in a secure location.
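
A check you can run after both procedures, added here as an example and not part of the original Embotics instructions: it confirms that saml-keystore.p12 opens with the destination password, that the saml alias holds a key pair, and that saml-key.cer is the certificate stored under that alias. It assumes the paths, alias and password used above and English-language keytool output.

```powershell
# Added example. Run from <INSTALL_DIRECTORY>\Embotics\vCommander\jre\bin\
# Values below are the ones used in this article; replace any you changed.
$keytool = '.\keytool.exe'
$p12     = '..\..\tomcat\conf\saml-keystore.p12'
$cer     = '..\..\tomcat\conf\saml-key.cer'
$alias   = 'saml'
$pass    = 'changeit2'

# Pull the SHA-256 fingerprint out of verbose keytool output.
function Get-Sha256Fingerprint {
    param([string]$Text)
    if ($Text -match 'SHA-?256:\s*([0-9A-Fa-f:]+)') { return $Matches[1].ToUpper() }
    throw 'No SHA-256 fingerprint found in keytool output.'
}

# 1. The PKCS12 file must open with the destination password and hold
#    the alias as a private key entry (key pair), not a bare certificate.
$listing = (& $keytool -list -v -keystore $p12 -storetype PKCS12 `
            -storepass $pass -alias $alias | Out-String)
if ($LASTEXITCODE -ne 0) { throw "keytool could not read '$alias' from ${p12}:`n$listing" }
if ($listing -notmatch 'Entry type:\s*PrivateKeyEntry') {
    throw "Alias '$alias' is not a PrivateKeyEntry."
}

# 2. The exported certificate must be the one stored under that alias.
$printed = (& $keytool -printcert -file $cer | Out-String)
if ($LASTEXITCODE -ne 0) { throw "keytool could not parse ${cer}:`n$printed" }

$fromStore = Get-Sha256Fingerprint $listing
$fromFile  = Get-Sha256Fingerprint $printed
if ($fromStore -ne $fromFile) {
    throw "Fingerprint mismatch: keystore $fromStore, file $fromFile"
}
"OK: '$alias' is a key pair and saml-key.cer matches it ($fromFile)"
```

If -storepass is omitted, keytool prompts for the password instead of taking it from the command line.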