Configure SAML
Creating Key and Certificate for SAML
SAML requires a key to sign/validate messages exchanged with the IdP. The key MUST be encrypted. Unencrypted keys won't be accepted.
- Create the key:
  openssl genrsa -aes128 -out saml_key.pem 2048
- Create the cert:
  openssl req -new -x509 -key saml_key.pem -out saml_cert.pem -days 365
- Combine them into one PEM:
  cat saml_key.pem saml_cert.pem > saml_key_cert.pem
Make sure to store the saml_key.pem in a safe location.
Adjust settings.hcl
Copy the saml_key_cert.pem to your Instana on-premise box and make sure the instana-butler user can read the file.
Configure the file path to saml_key_cert.pem and the key password in settings.hcl, then run instana update.
baseUrl (the base_url setting below) has to be set to /auth by default; it is only required to be different in specific cases.
saml {
  base_url = "/auth"
  cert {
    crt = "<Enter-full-path-to-saml_key_cert.pem>"
    key = "<Enter-password-for-the-key>"
  }
}
Sign in to Instana, select "Management Portal" -> "Tenant Authentication" and head over to our docs on SAML authentication and authorization.
Replacing the Certificate
The certificate created above has a lifetime of 365 days, after which you will have to provide a new one.
To do so:
- Get the saml_key.pem you have created before.
- Create the cert:
  openssl req -new -x509 -key saml_key.pem -out saml_cert.pem -days 365
- Combine them into one PEM:
  cat saml_key.pem saml_cert.pem > saml_key_cert.pem
Copy the resulting saml_key_cert.pem to pathToKeyCertPem and restart butler.
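Before pointing settings.hcl at a new or replaced saml_key_cert.pem, the bundle can be checked with a few shell functions. This is an added example, not part of the original documentation or of Instana's tooling; the function names and the SAML_KEY_PASS environment variable are assumptions of this example.

```sh
#!/bin/sh
# Pre-flight checks for saml_key_cert.pem (added example, names are hypothetical).
# Usage after sourcing: export SAML_KEY_PASS with the key password, then run
#   check_bundle /path/to/saml_key_cert.pem

# 0 if the private key in the bundle is passphrase-protected.
key_is_encrypted() {
    # PKCS#8 form, as written by OpenSSL 3.x genrsa with -aes128
    grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" && return 0
    # Traditional form (OpenSSL 1.x): encryption is flagged by a Proc-Type header
    grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1" &&
        grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 if the bundle holds exactly one key block and one certificate block.
has_key_and_cert() {
    [ "$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$1")" -eq 1 ] &&
        [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ]
}

# 0 if users outside the owner and group cannot read the file.
not_world_readable() {
    [ -z "$(find "$1" -prune -perm -004)" ]
}

# 0 if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# 0 if $SAML_KEY_PASS opens the key and the key belongs to the certificate.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin env:SAML_KEY_PASS -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Run every check; report each failure and return the number of failed checks.
check_bundle() {
    failed=0
    for check in has_key_and_cert key_is_encrypted not_world_readable \
                 cert_valid_for_days key_matches_cert; do
        "$check" "$1" || { echo "FAIL: $check ($1)" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}
```

A passing key_matches_cert also confirms that the password you are about to enter in settings.hcl is the one that decrypts the key.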
For more information, head over to our docs on SAML authentication and authorization.