Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Add a Java keystore for SAML

Log in to subscribe to topics and get notified when content changes.

Add a Java keystore for SAML

You can add Java keystores to the SAML application if you want another repository for your SAML security certificates.

Before you begin

Role required: admin

About this task

By default, SAML 2 Single Sign-on provides a default keystore named SAML 2.0 SP Keystore which uses 1024 bits and is SHA1. This keystore is active by default. If you need to use a key with 2048 bit key and SHA256, you need to activate this certificate before you generate your metadata with the x509 certificate. You can add keystores as needed and specify which one to use by default with a property.


  1. Navigate to System Definition > Certificates.
  2. Fill in the fields on the form (see table).
  3. Click Submit.
    Adding a Java Key Store
    Table 1. X.509 Certificate form
    Field Description
    Name Enter a descriptive name.
    Active Select Active to keep the key store available.
    Short description Enter a description for the key store.
    Type Select Java Key Store.
    Key store password Enter the password for the key store.
  4. To set the default key store, enter sys_properties.list in the application filter.

    The list of system properties opens.

  5. Find and open the following property: glide.authenticate.sso.saml2.keystore.

    The Value field shows the Sys ID of the default key store: SAML 2.0 SP Keystore. Use this property when the system has multiple key stores for signed authentication or signed logout. Starting with Geneva patch 7, this property uses your configured key store if you upgrade from a version prior to the Geneva release. Prior to the Geneva patch 7, this property kept the default value upon upgrade, regardless of any changes you made.

  6. Paste the Sys ID of the key store record that you created into the Value field.
  7. Click Update.