Enabling SSL for SAML or OIDC authentication

To set up Validate tools to use a secure SSL or HTTPS connection, follow the instructions in Using a secure Validate Server connection.

Additionally, you need to add your certificate to either the Validate JVM or your machine's trusted keystore.

Import certificate to Validate JVM or other trusted keystore

An example command for importing a certificate to your Validate JVM is shown below:

<install_dir>/_jvm/bin/keytool -import -alias <alias_name> -file <path_to_certificate>/server.crt -keystore <install_dir>/_jvm/lib/security/cacerts

Troubleshoot

Use the following tips if you encounter issues while setting up your secure server:

  • If the SSL server is incorrectly configured and the server start command does not complete, you may not be able to use kwservice stop to stop the server. In that case, stop the server manually and restart it once it is properly configured.

  • Once SSL is enabled, remember to update the redirect URLs on your IdP. Ensure that all redirect URLs that relate to the Validate Server are qualified with HTTPS.

  • (For OIDC only): The redirect URL in your auth.properties should also be set correctly with HTTPS. For example:

    spring.security.oauth2.client.registration.<realm>.redirect-uri=https://url:1234/kwauthgateway/login/oauth2/code/kwopenid
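
One way to check the OIDC redirect URL setting described above before restarting the server. This is an added example, not part of the Validate product or its documentation: the function name check_redirect_uris, the realm names, and the sample file are assumptions made for illustration, and the script assumes one key=value or key:value entry per line.

```shell
#!/bin/sh
# Added example: flag redirect-uri entries in auth.properties that are not HTTPS.
# Exit status: 0 all HTTPS, 1 non-HTTPS entry found, 2 unreadable file,
#              3 no redirect-uri entry present at all.
check_redirect_uris() {
    props_file=$1
    [ -r "$props_file" ] || { echo "cannot read: $props_file" >&2; return 2; }
    awk '
        /^[ \t]*[#!]/ { next }                          # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)                    # drop leading whitespace
            if (!match(line, /[ \t]*[=:][ \t]*/)) next  # not a key/value line
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", val)                   # drop trailing whitespace/CR
            if (key !~ /^spring\.security\.oauth2\.client\.registration\..+\.redirect-uri$/) next
            seen++
            if (tolower(val) !~ /^https:\/\//) {
                printf "%s:%d: %s is not HTTPS: %s\n", FILENAME, NR, key, val
                bad++
            }
        }
        END {
            if (seen == 0) exit 3
            exit (bad > 0 ? 1 : 0)
        }
    ' "$props_file"
}

# Constructed sample input; "examplerealm" and "otherrealm" are made-up realm names.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed auth.properties fragment
spring.security.oauth2.client.registration.examplerealm.redirect-uri=https://url:1234/kwauthgateway/login/oauth2/code/kwopenid
spring.security.oauth2.client.registration.otherrealm.redirect-uri = http://url:1234/kwauthgateway/login/oauth2/code/kwopenid
EOF
check_redirect_uris "$sample" || echo "check exited with status $?"
rm -f "$sample"
```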