Configure SAML

Creating Key and Certificate for SAML
Adjust settings.hcl
Replacing the Certificate

Creating Key and Certificate for SAML

SAML requires a key to sign/validate messages exchanged with the IdP. The key MUST be encrypted. Unencrypted keys won't be accepted.

create the key

openssl genrsa -aes128 -out saml_key.pem 2048
create the cert

openssl req -new -x509 -key saml_key.pem -out saml_cert.pem -days 365
combine them into one PEM

cat saml_key.pem saml_cert.pem > saml_key_cert.pem

Make sure to store the saml_key.pem in a safe location.

Adjust settings.hcl

Copy the saml_key_cert.pem to your Instana on-premise box and make sure instana-butler user can read the file. Configure the filepath saml_key_cert.pem and key password in the settings.hcl and then run instana update.

baseUrl has to be set to /auth by default, it is only required to be different in specific cases.

saml {
  base_url = "/auth"
  cert {
    crt   = "<Enter-full-path-to-saml_key_cert.pem>"
    key   = "<Enter-password-for-the-key>"
  }
}

Sign in to Instana, select "Management Portal" -> "Tenant Authentication" and head over to our docs on SAML authentication and authorization.

Replacing the Certificate

The certificate created above has a lifetime of 365 days, after which you will have to provide a new one.

To do so:

Get saml_key.pem you have created before.
create the cert

openssl req -new -x509 -key saml_key.pem -out saml_cert.pem -days 365
combine them into one PEM

cat saml_key.pem saml_cert.pem > saml_key_cert.pem

Copy the resulting saml_key_cert.pem to pathToKeyCertPem and restart butler.

For more information, head over to our docs on SAML authentication and authorization.

Configure SAML

TABLE OF CONTENTS

Creating Key and Certificate for SAML

Adjust settings.hcl

Replacing the Certificate