Installation - Linux

Initial installation of Keeper SSO Connect on a Linux instance

Installation - Linux

Instance Requirements

  1. Java 1.8 or Java 11 runtime environment

  2. Inbound port required for SAML communication from end-user device/browser (defaults to port 8443). If users can login from IdP on the public Internet, then this port must be public.

  3. Outbound SSL port 443 opened to keepersecurity.com.

  4. SSL private key (PKCS#12 or Java Keystore). During initial testing, a self-signed certificate is sufficient but users will receive a browser security warning.

  5. FQDN assigned to the instance or to the load balancer.

Initial installation of Keeper SSO Connect can be performed on a single instance prior to being deployed in an HA environment. After the service is configured, the settings will automatically synchronize between load balanced instances. Make sure that the correct version of Java is installed and in your path. Java 1.7, Java 9, and Java 10 are NOT supported.

$ java -version

If java is not found, please install it. For example:

ubuntu:~$ sudo apt install openjdk-11-jre-headless

Download and unzip the SSO Connect service:

ubuntu:~$ mkdir keeper
ubuntu:~$ cd keeper/
ubuntu:~/keeper$ wget https://keepersecurity.com/sso_connect/KeeperSso_java.zip
ubuntu:~/keeper$ unzip KeeperSso_java.zip

Then start the Keeper SSO Connect service:

$ java -jar SSOConnect.jar

Now that the application is installed, you can configure SSO using the web browser GUI or through the command line. Configuration options are discussed in the next section.