2020.10
OUT OF SUPPORT

Orchestrator User Guide

Last updated Dec 12, 2023

Private Key Certificates

When configuring SAML 2.0 authentication, it is necessary to specify certain claims for the certificate provided by the identity provider. This page describes, step by step, how to configure your Orchestrator instance to use a private key SAML certificate. The procedure begins with importing the certificate into the Windows Local Machine certificate store using Microsoft Management Console, and continues with the configuration steps required in Orchestrator/Identity Server.

Importing a Certificate in Windows

  1. Go to Control Panel > Manage Computer Certificates. The console is displayed.
  2. In the Console Root window's left pane, expand the Trusted Root Certification Authorities folder and then click Certificates.


  3. Right-click Certificates and then select All Tasks > Import. The Certificate Import Wizard is displayed.


  4. Make sure that Local Machine is selected in the Store Location section. Click Next.
  5. Click Browse and select the certificate to upload.
  6. Repeat this process for the Console Root / Personal folder.

Setting Orchestrator/Identity Server to Use the Certificate

  1. Once the upload is complete, the certificate should be displayed in the console.
  2. Double-click it. The Certificate dialog box is displayed.
  3. On the Details tab, scroll through the list of fields and click Thumbprint.


  4. Copy the hexadecimal characters from the box.
  5. Remove the spaces between the characters. For example, the thumbprint "a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b" should be specified as "a909502dd82ae41433e6f83886b00d4277a32a7b" in Identity Server's Saml2 settings on the External Providers page.
    Note: When copied from the box in the Certificate window, the thumbprint contains several special characters that are only visible in ANSI encoding. Make sure to delete them using a suitable application such as Notepad++.

    See below an example of getting a thumbprint ready for Identity Server's Saml2 settings on the External Providers page.



  6. In Identity Server's Saml2 settings on the External Providers page, locate the Signing Certificate section and set the following values for the attributes, as in the example below:
    • Store name - select My from the drop-down list
    • Store location - select LocalMachine
    • Thumbprint - enter the thumbprint value you've previously prepared.

      Read here how to access Identity Server.



  7. Click Save to save the changes to the external identity provider settings.
  8. Restart the IIS server after performing any configuration changes within Identity Server.
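
The thumbprint preparation in step 5 and the store settings in step 6 can be checked from PowerShell before saving. The script below is an added example, not part of the original guide or UiPath's tooling; the function names are hypothetical, the pasted value is constructed from the sample thumbprint in step 5, and the invisible characters mentioned in the note are assumed to be Unicode format characters such as U+200E.

```powershell
# Added example. Function names are hypothetical; $pasted is constructed from
# the sample thumbprint in step 5 with an invisible U+200E mark prepended.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Pasted)
    # Drop whitespace and Unicode format characters (assumption: the invisible
    # characters picked up from the Certificate dialog fall in category Cf).
    $clean = ($Pasted -replace '[\s\p{Cf}]', '').ToUpperInvariant()
    # Anything left that is not exactly 40 hex digits is rejected, not fixed.
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "Not a 40-character hexadecimal thumbprint: '$clean'"
    }
    return $clean
}

function Test-SigningCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Store name "My" and store location "LocalMachine", as set in step 6.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $Thumbprint in LocalMachine\My."
        return $false
    }
    if (-not $cert.HasPrivateKey) {
        Write-Warning "Certificate found, but the store holds no private key for it."
        return $false
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate expired on $($cert.NotAfter)."
        return $false
    }
    Write-Output "OK: $($cert.Subject), valid until $($cert.NotAfter)"
    return $true
}

$pasted = "$([char]0x200E)a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b"
$thumbprint = ConvertTo-CleanThumbprint -Pasted $pasted
$thumbprint    # value to enter in the Thumbprint field
Test-SigningCertificate -Thumbprint $thumbprint
```

Replace the constructed `$pasted` value with the text copied from your own certificate's Thumbprint field; the sample thumbprint will not exist in your store, so the second call warns and returns false until you do.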
