Hi
I'm working on AEM 6.1 SP1. I'm dealing with 2 issues: first, I'm not able to get the SP Private Key Alias; second, I'm not able to script the steps of the SAML configuration. Description below.
I've uploaded the IdP certificate, and also my certificate and private key, to /etc/key/saml as binaries. But it turns out that when I go to the Adobe Granite SAML 2.0 Authentication Handler configuration, it requires 2 certificate aliases from me.
It turns out that I have to upload it through the truststore at /libs/granite/security/content/useradmin.html to get an alias.
So I'm uploading the idp.pem and I receive an alias - that's ok, but as it is written in the SAML Handler configuration I need an "SP Private Key Alias" - but none of the files that I generated, either SP-server.pem or SP-server.PKCS8.key, gives me an alias. Only when I upload the SP-server.crt do I receive an alias. So at this moment I'm not sure if it's correct or not. Where do I get the "SP Private Key Alias"?
The second thing, which is even more important, is that I'm not able to do manual steps on the production environment, but I can deliver content packages or scripts to be run - and here is the problem: how do I configure the above steps using scripts? Or what part of the JCR do I have to pack to provide the truststore with certificates? Of course the Adobe Granite SAML 2.0 Authentication Handler configuration is not a problem to upload.
Below is how I generate the keys and certificates.
openssl genrsa -out SP-server.pem 1024                                                        # generate private key
openssl req -new -key SP-server.pem -out SP-server.csr                                        # certificate signing request
openssl x509 -req -days 365 -in SP-server.csr -signkey SP-server.pem -out SP-server.crt       # generate self-signed certificate
openssl pkcs8 -topk8 -inform PEM -outform DER -in SP-server.pem -nocrypt -out SP-server.PKCS8.key   # convert the PEM key to PKCS#8 DER
So after running those commands I get
SP-server.pem
SP-server.csr
SP-server.crt
SP-server.PKCS8.key
And idp.pem, which I get from the IdP.
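The two aliases the handler asks for live in two different stores: the IdP certificate alias comes from the global trust store, while the "SP Private Key Alias" is the alias of a private key entry in the key store of the authentication-service system user, which is why uploading SP-server.crt to the trust store only ever yields a certificate alias. The key store import takes either a PKCS#12 file (whose embedded friendlyName becomes the alias) or a PKCS#8 DER key plus a DER certificate chain. The script below is an added example, not code from this thread or from Adobe: it repeats the OpenSSL steps from the post (with a 2048-bit key), writes both import formats, embeds a chosen alias in the PKCS#12 bundle, and verifies the material offline. The subject, URL, credentials and password are constructed placeholders, and the trust store upload endpoint is an assumption to check against your AEM version.

```shell
#!/bin/sh
# Added example (not from the thread): prepare SP key material for the AEM
# SAML handler in the formats the key store / trust store imports expect,
# and verify it before anything is uploaded.
#
# Constructed values; adjust for your environment.
SP_SUBJECT="${SP_SUBJECT:-/CN=sp.example.com}"   # assumed SP subject
AEM_URL="${AEM_URL:-http://localhost:4502}"      # assumed author instance
AEM_USER="${AEM_USER:-admin}"
AEM_PASS="${AEM_PASS:-admin}"
P12_PASS="${P12_PASS:-changeit}"                 # placeholder PKCS#12 password

# Generate the SP key pair and self-signed certificate (same steps as the
# post, but 2048-bit; 1024-bit RSA is below the accepted minimum today).
# $1 = output directory, $2 = alias to embed in the PKCS#12 file.
gen_sp_material() {
    dir="$1"; alias="$2"
    openssl genrsa -out "$dir/SP-server.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/SP-server.pem" -subj "$SP_SUBJECT" \
        -out "$dir/SP-server.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/SP-server.csr" \
        -signkey "$dir/SP-server.pem" -out "$dir/SP-server.crt" 2>/dev/null
    # PKCS#8 DER key + DER certificate: the pair the "private key from DER"
    # key store import takes.
    openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
        -in "$dir/SP-server.pem" -out "$dir/SP-server.PKCS8.key"
    openssl x509 -in "$dir/SP-server.crt" -outform DER -out "$dir/SP-server.der"
    # PKCS#12 bundle: the -name value is the alias shown after a
    # "from key store file" import. SHA1/3DES PBE keeps the file readable
    # by the older JDK key store code that AEM 6.1 runs on.
    openssl pkcs12 -export -name "$alias" -inkey "$dir/SP-server.pem" \
        -in "$dir/SP-server.crt" -passout "pass:$P12_PASS" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -out "$dir/SP-server.p12"
}

# Echo "match" when the private key and certificate share a modulus.
keys_match() {
    k=$(openssl rsa -in "$1" -noout -modulus)
    c=$(openssl x509 -in "$2" -noout -modulus)
    if [ "$k" = "$c" ]; then echo match; else echo mismatch; fi
}

# Echo the alias (friendlyName) stored in a PKCS#12 file.
p12_alias() {
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -clcerts -nokeys 2>/dev/null \
        | sed -n 's/^[[:space:]]*friendlyName: //p' | head -n 1
}

# Echo "ok" when a file parses as an unencrypted PKCS#8 DER private key.
der_key_ok() {
    if openssl pkey -inform DER -in "$1" -noout >/dev/null 2>&1; then
        echo ok
    else
        echo bad
    fi
}

# Upload the IdP certificate to the global trust store over HTTP.
# Endpoint and form field are an assumption taken from the Granite trust
# store documentation; verify them against your AEM version before use.
upload_idp_cert() {
    curl -sf -u "$AEM_USER:$AEM_PASS" -F "certificate=@$1" \
        "$AEM_URL/libs/granite/security/post/truststore"
}

main() {
    work=$(mktemp -d)
    gen_sp_material "$work" saml-sp
    echo "key/cert: $(keys_match "$work/SP-server.pem" "$work/SP-server.crt")"
    echo "pkcs8 der: $(der_key_ok "$work/SP-server.PKCS8.key")"
    echo "p12 alias: $(p12_alias "$work/SP-server.p12")"
    echo "files in $work"
}

main
```

The offline checks are the part worth keeping in a deployment pipeline: a key/certificate mismatch or a key that is not really PKCS#8 DER fails silently in the useradmin dialog, and confirming the alias inside the PKCS#12 file before import tells you exactly what to put into "SP Private Key Alias".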
The AEM docs on SAML do not go into this level of detail. Here is a GEMS session on SAML that may be helpful:
https://docs.adobe.com/ddc/en/gems/saml-and-aem.html
I hope this helps.
Just for other users who will search for info:
"Storing SP certificates and private key in the repository under the paths /etc/key/saml/[public|idp_cert|private] is no longer supported since the release com.adobe.granite.auth.saml-0.3.26 (DOC-8250, DOC-5509)"
Still didn't figure out how to script the truststore steps.
Did you ever resolve this? I have the same issue where I do not have access to /libs/granite/security/content/useradmin.html in our production and staging environments.
This is so frustrating. Why does AEM make everything so hard!!