Service Packs and Hot Fixes / MNT-20173

Request To Clarify SSL Certificates For Outlook Integration In SAML

    Details

    • ACT Numbers:

      00969413

      Description

      Story

      Outlook Integration requires SSL but does not accept self-signed certificates. Our documentation explicitly instructs you to create a self-signed certificate for SAML. So if the documentation is strictly followed, customers will not be able to use Outlook Integration for SAML. The documentation for how to create the self-signed certificate for SAML needs to be updated to inform customers: "If you wish to use Outlook Integration please obtain and use a certificate from a trusted authority instead." Also, our documentation for Outlook Integration could use a section that instructs customers how to import the certificate into Outlook that SAML needs.

      More Details from MNT-20171:

      Connection to Outlook for SAML requires SSL, and self-signed certificates do not work:

      http://docs.alfresco.com/outlook/tasks/Outlook-config-server.html:

      "For the HTTPS connection to work from the Alfresco Outlook Client to Alfresco, we strongly recommend using an SSL configuration for a production environment, as a self-signed certificate will not work."

      http://docs.alfresco.com/saml/tasks/saml-adfs.html

      "Make sure you configure Alfresco for SSL before configuring SAML."

      The customer verified their use of certificates issued by a certificate authority for Alfresco and Outlook.

      This would mean that the documentation http://docs.alfresco.com/saml/tasks/saml-amps.html to generate a self-signed certificate for SAML would create issues with Outlook and a message instructing customers to use CA certs for Outlook needs to be included:

      The SAML module does not supply a service provider certificate that is used to sign messages sent to the IdP. You must generate your own certificate, as shown below:
      
      This will generate a self-signed certificate.
      
      Run the following command:
      
      keytool -genkeypair -alias my-saml-key -keypass change-me -storepass change-me -keystore my-saml.keystore -storetype JCEKS

      Place the generated my-saml.keystore file into a location of your choice that is accessible to the repository.
      
      Set the file permissions accordingly to limit who can read it.
      
      Generate a SAML keystore metadata file in the same location as the keystore and add the following content:
      
      aliases=my-saml-key
      keystore.password=change-me
      my-saml-key.password=change-me
      
      Set the file permissions accordingly to limit who can read it.
      
      Set the following values in the alfresco-global.properties file:
      

       

       


            People

            • Assignee: integrationsteam Integrations Subsystem
            • Reporter: jking Job King
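
An added example, not part of the ticket or of the Alfresco documentation: a shell check for the condition the ticket turns on, whether a keystore entry is self-signed. It reads `keytool -list -v` output and compares Owner and Issuer for each alias; the sample listing, the alias outlook-tls and all DN values are constructed.

```shell
#!/bin/sh
# Added example (not from the ticket or the Alfresco documentation).
# Reads `keytool -list -v` output on stdin and prints, for each alias,
# whether its leaf certificate is self-signed (Owner equals Issuer) or
# was issued by a different party.
# Real use, with the keystore names quoted in the ticket:
#   keytool -list -v -keystore my-saml.keystore -storetype JCEKS \
#     -storepass change-me | classify_entries
classify_entries() {
  awk '
    /^Alias name: / { alias = substr($0, 13); owner = ""; seen = 0; next }
    seen            { next }   # only the first (leaf) certificate per alias
    /^Owner: /      { owner = substr($0, 8); next }
    /^Issuer: / && owner != "" {
      verdict = (substr($0, 9) == owner) ? "self-signed" : "issuer-differs"
      print alias, verdict
      seen = 1
    }
  '
}

# Constructed sample of keytool output, trimmed to the lines the check reads.
# The alias outlook-tls and all DN values are made up for illustration.
sample_listing() {
  cat <<'EOF'
Alias name: my-saml-key
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=alfresco.example.com, O=Example
Issuer: CN=alfresco.example.com, O=Example

Alias name: outlook-tls
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=alfresco.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Root CA, O=Example
EOF
}

sample_listing | classify_entries
```

A result of issuer-differs only means the certificate was not self-issued; whether a client accepts it still depends on the issuer being in that client's trust store.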