2.9 Creating a Keystore for One SSO Provider

Identity Manager Home and the Provisioning Dashboard use One SSO Provider (OSP) to enable single sign-on from multiple Identity Manager user interfaces. To enable single sign-on, you must create a Java KeyStore (JKS) file for OSP.

At a command prompt, enter the following command to create the OSP keystore:

/JDKPath/jre/bin/keytool -genkey -keyalg RSA -keysize 2048 -keystore JBossInstallPath/server/IDMProv/conf/osp.jks -storepass KeystorePassword -keypass KeyPassword -alias osp -dname 'cn=PublicServerName'

For example:

/opt/novell/idm/jdk1.7.0_21/jre/bin/keytool -genkey -keyalg RSA -keysize 2048 -keystore /opt/novell/idm/jboss/server/IDMProv/conf/osp.jks -storepass n0v3ll -keypass n0v3ll -alias osp -dname 'cn=test.yourcompany.com'

NOTE: For the PublicServerName value of the -dname keytool option, you must specify a “public” URL or IP address that users can use to access your environment. You cannot use an internal host name or IP address.
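The following check is an added example, not part of the original documentation or the product. It reads keytool -list -v output and confirms that the osp alias is a private key entry whose CN equals the intended PublicServerName and does not look internal. The function names, the return codes and the internal-name heuristic (private IPv4 ranges, single-label names, the .local/.internal/.lan suffixes) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Usage against a real keystore (path assumed):
#   keytool -list -v -alias osp -keystore osp.jks | check_osp_listing PublicServerName

# Heuristic (assumption): succeed (0) when the name is clearly not public.
is_internal_name() {
    case "$1" in
        '') return 0 ;;
        *[!0-9.]*)                       # contains other characters: host name
            case "$1" in
                localhost|*.local|*.internal|*.lan) return 0 ;;
                *.*) return 1 ;;         # dotted name: assume public
                *) return 0 ;;           # single-label host name
            esac ;;
        *)                               # digits and dots only: IPv4 address
            case "$1" in
                10.*|127.*|192.168.*|169.254.*) return 0 ;;
                172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
                *) return 1 ;;
            esac ;;
    esac
}

# Reads `keytool -list -v` output on stdin; $1 is the expected public name.
# Returns 0 if OK, 1 no osp alias, 2 not a private key entry,
# 3 CN differs from the expected name, 4 CN looks internal.
check_osp_listing() {
    listing=$(cat)
    printf '%s\n' "$listing" | grep -q '^Alias name: osp$' || return 1
    printf '%s\n' "$listing" | grep -q '^Entry type: PrivateKeyEntry' || return 2
    cn=$(printf '%s\n' "$listing" |
         sed -n 's/^Owner: [Cc][Nn]=\([^,]*\).*/\1/p' | head -n 1)
    [ "$cn" = "$1" ] || return 3
    if is_internal_name "$cn"; then return 4; fi
    return 0
}

# Constructed sample of the fields this check reads (not real keytool output).
sample_listing() {
    printf '%s\n' 'Alias name: osp' 'Entry type: PrivateKeyEntry' \
        "Owner: CN=$1" "Issuer: CN=$1"
}

sample_listing test.yourcompany.com | check_osp_listing test.yourcompany.com \
    && echo "sample listing passes"
```

The usage line omits -storepass, so keytool prompts for the keystore password instead of taking it from the command line.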