# Securing Admin Dashboard using SAML
Generate Keystore for SearchBlox Service-Provider
Configure Keystore, Identity-Provider metadata in SearchBlox
Configure SAML authentication in SearchBlox
Create Users in SearchBlox
Get Service-Provider metadata
## **Generate Keystore for SearchBlox Service-Provider**
Create Keystore using the following command
## **Configure Keystore, Identity-Provider metadata in SearchBlox**
Get the Identity-Provider metadata file and place it into the following path:
`<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/classes/*CUSTOM FOLDER*`
(example:- saml/)
Example:-
`<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/classes/saml/idp-metadata.xml`
`<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox//WEB-INF/classes/saml/sb-samlKeystore.jks`
## **Steps in configuring SAML authentication in SearchBlox**
Go to `
<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/saml-config.yml` and provide relevant values for the fields as given:
The description of fields and the values to be provided in the saml-config.yml file
| Column Title | Column Title |
| enablesamlauth | Give the value as **true** to enable SAML authentication |
| keystorepath | Give the Keystore file path. Example: If the files are placed in ../searchblox/WEB-INF/classes/saml then the Keystore path value should be Keystore path: saml/Keystore.jks |
| keystorepassword | Password used when generating keystore |
| privatekeypassword | The private password used when generating keystore |
| identityprovidermetadatapath | The path where the identity provider meta file is placed Example: If the files are placed in ../searchblox/WEB-INF/classes/saml then the keystore path value should be identityprovidermetadatapath: saml/testshib-providers.xml |
| searchbloxcontext | SearchBlox location |
## **Create Users in SearchBlox:**
This is to create roles for users in SearchBlox.
Important Information:
It is required to configure users before restarting SearchBlox.
Identity-Provider user has to be mapped with proper roles in SearchBlox. Therefore login to the SearchBlox admin
Navigate to “Admin” and select “Users” tab
Go to Add User Section
Provide username(should match with identity-Providers uid) and password then add the user based on your requirement.
## **Get Service-Provider metadata:**
It is required to configure service provider information into the identity provider. You can either upload the service provider metadata xml file into identity provider or update the details in the file into your identity provider Steps to generate the Service-Provider metadata file:
As in the previous steps make relevant changes to saml-config.yml and configure users.
Restart SearchBlox
Login to Admin console SearchBlox would redirect to Identity-Provider for authentication.
Service-Provider metadata file will now be available in the following path depending on your SearchBlox installation. If you are using tomcat: `
<tomcat installation dir>/bin/sp-metadata.xml` If you are using jetty: `<jetty home>/sp-metadata.xml`Get the file and configure it into your Identity-Provider.
SearchBlox will be configured with SAML authentication for the admin dashboard after completing the preceding steps.
Important Note:
If the Service-Provider metadata file is not available in the path mentioned in the preceding step, then please restart the SearchBlox server after configuring saml-config.yml. Try to login to the SearchBlox admin console, after SearchBlox redirects to the Identity-Provider service for authentication you can check the Service-Provider metadata file (sp-metadata.xml) on the path mentioned earlier.