Process to renew the SAML / Federation certificate:
1) Backup plan: take a backup of the files below
i) .oamkeystore
ii) .oamtruststore
iii) oam-config.xml
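
The backup step above as a shell function. This is an added example, not part of the original post: it copies the three files into a timestamped, owner-only directory and verifies each copy. It assumes all three files sit in the domain's config/fmwconfig directory; the function name and the backup root are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: back up the three OAM files
# named in step 1 before any keystore password reset or key generation.
# Assumption: all three files live in the domain's config/fmwconfig directory.

OAM_FILES=".oamkeystore .oamtruststore oam-config.xml"

# backup_oam_files <fmwconfig_dir> <backup_root>   (hypothetical helper name)
# Prints the backup directory on success; returns non-zero on any failure.
backup_oam_files() {
    src="$1"; root="$2"
    # Refuse to start unless every file exists, so a partial backup
    # is never mistaken for a complete one.
    for f in $OAM_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    dest="$root/oam-cert-renewal-$(date +%Y%m%d-%H%M%S)"
    # The keystores hold private keys: create the directory owner-only.
    (umask 077 && mkdir -p "$dest") || return 1
    for f in $OAM_FILES; do
        cp -p "$src/$f" "$dest/$f" || return 1
        # Byte-compare each copy with its source before trusting it.
        cmp -s "$src/$f" "$dest/$f" || { echo "copy mismatch: $f" >&2; return 1; }
        chmod 600 "$dest/$f" || return 1
    done
    # Record checksums so a later restore can be verified (if sha256sum exists).
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$dest" && sha256sum $OAM_FILES > SHA256SUMS) || return 1
    fi
    echo "$dest"
}

# Usage (source path taken from the keytool commands in this post;
# the backup root /u01/backup is an assumption):
# backup_oam_files /u01/app/middleware/user_projects/domains/domain/config/fmwconfig /u01/backup
```
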
2) Generate the .oamkeystore and .oamtruststore on the OAM server:
- Development have removed the WLST command that was available in previous OAM versions to obtain the .oamkeystore keystore password, to enhance security. Therefore you will need to reset the OAM keystore password before you start.
- Open a terminal session on your OAM machine
- Go to the location /middleware/Oracle_IDM1/common/bin
- Run ./wlst.sh
- connect()
- Provide the server details and credentials to connect: t3://hostIP:port, user ID and password
- domainRuntime()
- resetKeystorePassword()
password : *********
confirm password : *********
- exit()

Create oamkeystore: run the command below:
- Go to the location of the Java keytool
- ./keytool -genkeypair -alias samlsigningcer -keyalg RSA -keysize 2048 -sigalg sha1withrsa -dname cn="<machine name>" -validity 1000 -keystore /u01/app/middleware/user_projects/domains/domain/config/fmwconfig/.oamkeystore -storetype JCEKS

Create oamtruststore by using the command below:
- keytool -genkeypair -alias samlencryptiongcer -keyalg RSA -keysize 2048 -sigalg sha1withrsa -dname cn="<Machine name>" -validity 1000 -keystore /u01/app/middleware/user_projects/domains/domain/config/fmwconfig/.oamkeystore -storetype JCEKS
- OAM Launch Pad → Federation Settings → oamkeystore → add the two new entries, select the SAML signing alias and the SAML encryption alias, provide the password, and save.
- The SAML metadata can be found on the OAM Launch Pad → Federation Settings: select the encryption key and signing key and import the metadata.
Import the certificate from the metadata and save it as a .cer file, and then
share this metadata file and certificate with your service provider.