Installation - Linux
Initial installation of Keeper SSO Connect on a Linux instance
1. Java 11 runtime environment
2. Inbound port required for SAML communication from the end-user device/browser (defaults to port 8443). If users can log in from the IdP on the public Internet, then this port must be public.
3. Outbound SSL port 443 open to keepersecurity.com.
4. SSL private key (PKCS#12 or Java Keystore). During initial testing, a self-signed certificate is sufficient, but users will receive a browser security warning.
5. FQDN assigned to the instance or to the load balancer.
Initial installation of Keeper SSO Connect can be performed on a single instance before it is deployed in an HA environment. After the service is configured, the settings automatically synchronize between load-balanced instances. Make sure that the correct version of Java is installed and in your PATH. Java 1.7, Java 9, and Java 10 are NOT supported.
$ java -version
If java is not found, please install it. For example:
ubuntu:~$ sudo apt install openjdk-11-jre-headless
Download and unzip the SSO Connect service:
ubuntu:~$ mkdir keeper
ubuntu:~$ cd keeper/
ubuntu:~/keeper$ wget https://keepersecurity.com/sso_connect/KeeperSso_java.zip
ubuntu:~/keeper$ unzip KeeperSso_java.zip
Then start the Keeper SSO Connect service:
$ java -jar SSOConnect.jar
Now that the application is installed, you can configure SSO using the web browser GUI or through the command line. Configuration options are discussed in the next section.
Keeper SSO Connect requires a valid SSL certificate signed by a public certificate authority. Self-signed certificates may work for testing; however, most client applications will fail to connect.
Please use OpenSSL v1.1.1 to generate your SSL certificates. There is a known compatibility issue between certificates generated on OpenSSL 3.0 and Java 11.
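The Java version requirement and the OpenSSL version note above can be checked before starting the service. The script below is an added example, not part of Keeper SSO Connect; its function names are hypothetical. It assumes that only Java major version 11 should pass.

```shell
#!/bin/sh
# Added example: preflight for the Java and OpenSSL versions this page asks for.
# Function names are hypothetical; they are not part of Keeper SSO Connect.

# Print the Java major version found in `java -version` output.
# Handles the legacy scheme ("1.7.0_80" -> 7) and the current one ("11.0.22" -> 11),
# and skips extra banner lines such as "Picked up JAVA_TOOL_OPTIONS: ...".
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) ver=${ver#1.} ;;   # legacy "1.x" numbering: drop the leading "1."
    esac
    printf '%s\n' "${ver%%[!0-9]*}"   # keep only the leading digits
}

# Assumption: only major version 11 passes (the page requires Java 11 and
# names 1.7, 9 and 10 as not supported).
java_ok() {
    major=$(java_major "$1") || return 1
    [ "$major" = "11" ]
}

# The page asks for OpenSSL v1.1.1 when generating certificates.
openssl_ok() {
    case "$1" in
        "OpenSSL 1.1.1"*) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    rc=0
    # `java -version` writes its banner to stderr, hence 2>&1.
    if java_ok "$(java -version 2>&1)"; then echo "java: OK (11)"
    else echo "java: Java 11 not found in PATH"; rc=1; fi
    if openssl_ok "$(openssl version 2>/dev/null)"; then echo "openssl: OK (1.1.1)"
    else echo "openssl: version is not 1.1.1"; rc=1; fi
    return "$rc"
}

# Run the live checks only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Saved as preflight.sh (a hypothetical file name), it exits non-zero when either check fails, so it can gate a deployment step.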