
Appendix H: Single Sign-On and Single Sign Out

PK Protect supports Single Sign-On using SAML. To configure Single Sign-On and Single Sign-Out, perform the following steps:

  1. Verify that the property “pathtoSSLCert” exists in the dgController.properties file at the following path:
    [Installed Directory]/Dataguise/DgSecure/tomcat8/webapps/dgcontroller/WEB-INF/classes/dgController.properties

    If it does not, add the following property to dgController.properties:
    pathtoSSLCert= [Installed Directory]/Dataguise/DgSecure/DgCertificate/DgTestCertificate.cer

    Certificate Path:
    [Installed Directory]/Dataguise/DgSecure/DgCertificate/DgTestCertificate.cer

  2. Verify DgCertificate and generate the private key.
    Path for certificate: [Installed Directory]/Dataguise/DgSecure/DgCertificate/
    Commands:

    Check the path of the JKS file and get the values of “keyAlias”, “keystorePass” and “keyPass” from server.xml:
    cat /[Installed Directory]/Dataguise/DgSecure/tomcat8/conf/server.xml

    <Connector port="10182" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslEnabledProtocols="TLSv1.2"

    keystoreFile="/[Installed Directory]/Dataguise/DgSecure/DgCertificate/DgTestCertificate.jks"    keystorePass="dataguise" keyPass="dataguise" keyAlias="dataguise"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" server="Server" />

    Go to the path below and execute the following command:
    /[Installed Directory]/Dataguise/DgSecure/DgCertificate

    Sample Command:
    keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias dataguise -srcstorepass dataguise -srckeypass dataguise -deststorepass dataguise -destkeypass dataguise

    Working Command:
    keytool -importkeystore -srckeystore DgTestCertificate.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias dataguise -srcstorepass dataguise -srckeypass dataguise -deststorepass dataguise -destkeypass dataguise

    Verify the private key with the command below:
    openssl pkcs12 -in keystore.p12 -nocerts -nodes -out private.key

    Enter Import Password:
    MAC verified OK

    Delete the highlighted content from the private key file and save it:
    [ec2-user@ip-10-141-240-77 DgCertificate]$ cat private.key
    Bag Attributes
    friendlyName: dataguise
    localKeyID: 54 69 6D 65 20 31 35 30 39 35 33 30 37 31 30 35 33 37
    Key Attributes: <No Attributes>
    -----BEGIN PRIVATE KEY-----
    --key content----
    -----END PRIVATE KEY-----
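
The clean-up in step 2, as an added shell example that is not part of the PK Protect documentation: it keeps only the PEM key block in an owner-only file and checks the key against the certificate named in pathtoSSLCert. It assumes the highlighted content (the highlighting is not preserved in this text) is the Bag Attributes and Key Attributes header lines and that the certificate is PEM-encoded; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not PKWARE code. Function names are hypothetical.

# extract_pem_key SRC DST
# Copy the single BEGIN/END PRIVATE KEY block from SRC to DST, dropping the
# "Bag Attributes" / "Key Attributes" header that openssl pkcs12 writes.
# Assumption: those header lines are the content step 2 says to delete.
# Fails, writing nothing, unless SRC holds exactly one complete block.
extract_pem_key() {
    src=$1; dst=$2; tmp="$dst.tmp.$$"
    # umask 077 in a subshell: the temp file is owner-only from creation.
    if ( umask 077 && awk '
            /^-----BEGIN PRIVATE KEY-----$/ { if (seen) bad = 1; seen = 1; inkey = 1 }
            inkey { print }
            /^-----END PRIVATE KEY-----$/   { if (!inkey) bad = 1; inkey = 0; ends++ }
            END { if (bad || !seen || ends != 1 || inkey) exit 1 }
        ' "$src" > "$tmp" ); then
        mv -f "$tmp" "$dst"   # DST may equal SRC: result is the 0600 copy
    else
        rm -f "$tmp"
        echo "extract_pem_key: need exactly one private key block in $src" >&2
        return 1
    fi
}

# key_matches_cert KEY CERT
# True when KEY and CERT carry the same public key. Assumes CERT is PEM;
# for a DER-encoded .cer add "-inform DER" to the x509 call.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Constructed sample mirroring the private.key listing (placeholder key body).
write_sample() {
    printf '%s\n' 'Bag Attributes' '    friendlyName: dataguise' \
        'Key Attributes: <No Attributes>' '-----BEGIN PRIVATE KEY-----' \
        '--key content----' '-----END PRIVATE KEY-----' > "$1"
}

# In the DgCertificate directory:
#   extract_pem_key private.key private.key
#   key_matches_cert private.key DgTestCertificate.cer && echo "key matches cert"
```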

Steps to configure from Admin:

  1. Go to Admin Settings.

  2. Select SSO.

  3. Click Enable.

  4. Browse to the path of the OpenAM metadata XML.

  5. Click Save Settings.
    Please contact PKWARE Support or Professional Services for more details on configuring SAML-based SSO with PK Protect 8.1.0.

If using email as the authentication type, make sure the property basic is not set to uid.
