Java 1.8 or Java 11 runtime environment
Inbound port required for SAML communication from end-user device/browser (defaults to port 8443). If users can login from IdP on the public Internet, then this port must be public.
Outbound SSL port 443 opened to keepersecurity.com.
SSL private key (PKCS#12 or Java Keystore). During initial testing, a self-signed certificate is sufficient but users will receive a browser security warning.
FQDN assigned to the instance or to the load balancer.
Initial installation of Keeper SSO Connect can be performed on a single instance prior to being deployed in an HA environment. After the service is configured, the settings will automatically synchronize between load balanced instances. Make sure that the correct version of Java is installed and in your path. Java 1.7, Java 9, and Java 10 are NOT supported.
$ java -version
If java is not found, please install it. For example:
ubuntu:~$ sudo apt install openjdk-11-jre-headless
Download and unzip the SSO Connect service:
ubuntu:~$ mkdir keeperubuntu:~$ cd keeper/ubuntu:~/keeper$ wget https://keepersecurity.com/sso_connect/KeeperSso_java.zipubuntu:~/keeper$ unzip KeeperSso_java.zip
Then start the Keeper SSO Connect service:
$ java -jar SSOConnect.jar
Now that the application is installed, you can configure SSO using the web browser GUI or through the command line. Configuration options are discussed in the next section.