Configure a custom certificate for SSO in Collibra
If you configure single sign-on for accessing Collibra Platform, a default certificate is used. You can use this certificate for signing SAML authn requests or for SAML assertion encryption/decryption.
Instead of the default certificate, you can use your own certificate. However, keep in mind that you can only configure SSO with your own certificate via a REST API call.
Prerequisites
- The certificate must meet the following requirements:
  - The certificate must be in PEM format.
  - The PEM file must be unencrypted (no password).
  - The PEM file must contain the server certificate and the private key of that certificate.
Tip: To convert a key to a PEM key:
openssl rsa -in <pem-key>.key -out <rsa-key>.pem
Example PEM file:
-----BEGIN RSA PRIVATE KEY-----
MIIEvgIBADA ... bml6YXRpb252YWxza
....
z3P668YfhUbKdRF6S42Cg6zn
-----END RSA PRIVATE KEY-----
# Your certificate
-----BEGIN CERTIFICATE-----
MIIFaDCCBFC ... bml6YXRpb252YWxza
...
lffygD5IymCSuuDim4qB/9bh7oi37heJ4ObpBIzroPUOthbG4gv/5blW3Dc=
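-----END CERTIFICATE-----
- A base64 encoding hash of an API user, that is, the base64 encoding of <username>:<password>. Base64 is an encoding, not a hash or encryption: the value decodes back to the password, so protect it like the password itself.
Tip: You can calculate the base64 hash of the user as follows:
printf '%s' '<username>:<password>' | base64
For example, printf '%s' 'apiUser:apiUserpassword' | base64 results in YXBpVXNlcjphcGlVc2VycGFzc3dvcmQ=
printf is used instead of echo because echo appends a newline, which would be encoded as part of the password.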
Use certificate for SAML assertion encryption
curl --location --request POST \
'https://<your_collibra_url>/rest/2.0/security/saml/certificate/ENCRYPTION' \
--header 'Authorization: Basic <base-64 encoding hash>' \
--form 'file=@"/path/to/pem-file"'
Use certificate for signing SAML authn requests
curl --location --request POST \
'https://<your_collibra_url>/rest/2.0/security/saml/certificate/SIGNING' \
--header 'Authorization: Basic <base-64 encoding hash>' \
--form 'file=@"/path/to/pem-file"'