# Installation - Linux

#### **Instance Requirements**

1. Java 11 runtime environment
2. Inbound port for SAML communication from the end-user device/browser (defaults to port 8443). If users can log in from the IdP on the public Internet, then this port must be public.
3. Outbound SSL port 443 opened to keepersecurity.com.
4. SSL private key (PKCS#12 or Java Keystore). During initial testing, a self-signed certificate is sufficient, but users will receive a browser security warning.
5. FQDN assigned to the instance or to the load balancer.

Initial installation of Keeper SSO Connect can be performed on a single instance prior to being deployed in an HA environment. After the service is configured, the settings will automatically synchronize between load-balanced instances. Make sure that the correct version of Java is installed and in your path. **Java 1.7, Java 9, and Java 10 are NOT supported.**

```
$ java -version
```

If Java is not found, please install it. For example:

```
ubuntu:~$ sudo apt install openjdk-11-jre-headless
```

Download and unzip the SSO Connect service:

```
ubuntu:~$ mkdir keeper
ubuntu:~$ cd keeper/
ubuntu:~/keeper$ wget https://keepersecurity.com/sso_connect/KeeperSso_java.zip
ubuntu:~/keeper$ unzip KeeperSso_java.zip
```

Then start the Keeper SSO Connect service:

```
$ java -jar SSOConnect.jar
```

Now that the application is installed, you can configure SSO using the web browser GUI or through the command line. Configuration options are discussed in the next section.

### OpenSSL v1.1.1

Keeper SSO Connect requires a valid SSL certificate signed by a public certificate authority. Self-signed certificates may work for testing; however, most client applications will fail to connect.

Please use OpenSSL v1.1.1 to generate your SSL certificates. There is a known compatibility issue between certificates generated on OpenSSL 3.0 and Java 11.
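A pre-flight check for the Java and OpenSSL version requirements above, as an added example that is not part of Keeper's documentation or tooling. The function names, the `--live` flag and the sample version strings are constructed for illustration, and treating only major version 11 as passing is an assumption based on the first instance requirement.

```shell
# Print the Java major version found in `java -version` output.
# Handles the legacy "1.7.0_80" scheme (major 7) and the modern "11.0.22" scheme.
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$ver" in
        "")  return 1 ;;                                   # no version string found
        1.*) ver=${ver#1.}; printf '%s\n' "${ver%%.*}" ;;  # 1.7.0_80 -> 7
        *)   printf '%s\n' "${ver%%[!0-9]*}" ;;            # 11.0.22 -> 11
    esac
}

# Succeed only when `openssl version` output reports the 1.1.1 series.
openssl_ok() {
    case "$1" in
        "OpenSSL 1.1.1"*) return 0 ;;
        *)                return 1 ;;
    esac
}

# Print one line per check; the return status is the number of failed checks.
# Assumption: only major version 11 passes, since it is the only one the page requires.
preflight() {
    fails=0
    major=$(java_major "$1") || major=unknown
    if [ "$major" = "11" ]; then
        echo "PASS java major=$major"
    else
        echo "FAIL java major=$major (Java 11 required; 1.7, 9 and 10 unsupported)"
        fails=$((fails + 1))
    fi
    if openssl_ok "$2"; then
        echo "PASS openssl 1.1.1"
    else
        echo "FAIL openssl is not 1.1.1 (page reports an OpenSSL 3.0 / Java 11 issue)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample outputs, not captured from a real host.
SAMPLE_JAVA='java version "1.7.0_80"'
SAMPLE_OPENSSL='OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)'

if [ "${1:-}" = "--live" ]; then
    # `java -version` writes to stderr, so merge it into stdout before capturing.
    preflight "$(java -version 2>&1)" "$(openssl version 2>&1)"
else
    preflight "$SAMPLE_JAVA" "$SAMPLE_OPENSSL" || echo "sample: $? check(s) failed"
fi
```

Run it with `--live` on the instance, and on the machine where the certificate is generated, to check the installed `java` and `openssl` binaries instead of the samples.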

