Configure Service Provider

Creating Service Provider Key and Certificate for IdP configuration

The Service Provider (SAML/OIDC) requires a key to sign/validate messages exchanged with the IdP. The key MUST be encrypted; unencrypted keys are not accepted.

  • create the key

    openssl genrsa -aes128 -out sp_key.pem 2048

  • create the cert

    openssl req -new -x509 -key sp_key.pem -out sp_cert.pem -days 365

  • combine them into one PEM

    cat sp_key.pem sp_cert.pem > sp_key_cert.pem

Make sure to store the sp_key_cert.pem in a safe location.

Adjust settings.hcl

Copy the sp_key_cert.pem to your Instana on-premise box and make sure the Instana installation can read the file. In settings.hcl, set key_cert_path to the path of sp_key_cert.pem and key_pass to the passphrase of the key, then run instana update.

    service_provider {
      key_cert_path = "/path/to/sp_key_cert.pem"
      key_pass = "key_pass"
    }

Sign in to Instana, select "Management Portal" -> "Tenant Authentication" and head over to our docs on SAML/OIDC authentication and authorization.

Replacing the Certificate

The certificate created above has a lifetime of 365 days, after which you will have to provide a new one.

To do so:

  • Get the sp_key.pem you created before.
  • create the cert

    openssl req -new -x509 -key sp_key.pem -out sp_cert.pem -days 365

  • combine them into one PEM

    cat sp_key.pem sp_cert.pem > sp_key_cert.pem

Copy the resulting sp_key_cert.pem to pathToKeyCertPem (the location set as key_cert_path in settings.hcl) and restart Instana.
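A pre-deployment check for the combined file, covering both the initial setup and the yearly replacement: it confirms that the bundle holds one encrypted key and one certificate, that the certificate is not about to expire, and that the certificate was issued for the key in the bundle. This is an added example, not part of Instana; the function names and the SP_KEY_PASS environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-deployment checks for the combined sp_key_cert.pem (added example, not Instana tooling).

# Print how many lines of file $1 match basic regex $2 (prints 0 when none match).
count() { grep -c -e "$2" "$1" || true; }

# Write only the certificate block of bundle $1 to stdout.
cert_of() { sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"; }

# Succeeds only if $1 holds exactly one *encrypted* private key and one certificate.
check_bundle_structure() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    keys=$(count "$f" '^-----BEGIN .*PRIVATE KEY-----')
    # PKCS#8 output (OpenSSL 3.x default) names the encryption in the PEM label;
    # the traditional format (OpenSSL 1.x) uses a Proc-Type header instead.
    pkcs8=$(count "$f" '^-----BEGIN ENCRYPTED PRIVATE KEY-----')
    legacy=$(count "$f" '^Proc-Type: 4,ENCRYPTED')
    certs=$(count "$f" '^-----BEGIN CERTIFICATE-----')
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 1; }
    [ $((pkcs8 + legacy)) -eq 1 ] || { echo "private key is not encrypted" >&2; return 1; }
    [ "$certs" -eq 1 ] || { echo "expected 1 certificate, found $certs" >&2; return 1; }
}

# Succeeds if the certificate in $1 is still valid $2 days from now (default 30).
check_cert_lifetime() {
    cert_of "$1" | openssl x509 -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Succeeds if the certificate in $1 carries the public key of the private key in $1.
# The passphrase is taken from the SP_KEY_PASS environment variable (assumed name),
# so it never appears on the command line or in shell history.
check_key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin env:SP_KEY_PASS -pubout 2>/dev/null) || return 1
    cpub=$(cert_of "$1" | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ "$kpub" = "$cpub" ]
}

# Run all checks when invoked with a bundle path: sh check_sp_bundle.sh sp_key_cert.pem
if [ -n "${1:-}" ]; then
    check_bundle_structure "$1" && check_cert_lifetime "$1" &&
        check_key_matches_cert "$1" && echo "$1: ok"
fi
```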

For more information, head over to our docs on SAML/OIDC authentication and authorization.