community
cancel
Showing results for 
Search instead for 
Did you mean: 

alteryx connect Knowledge Base

Definitive answers from Connect experts.
How To: Add SAML IDP Signing Certificate to Connect Keystore   This article is intended to assist with inserting a certificate to be used to validate a SAML signature from a SAML Identity Provider (IDP) when used with Alteryx Connect. This article will only be needed if your IDP is signing assertions or other traffic with a specific cert that may be self-signed or not trusted by a widely trusted Certificate Authority (CA).   An error message may be received while attempting to validate the signature from an IDP if this is not inserted. An example is below:     org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error filtering metadata from {metadataURL}.xml ...(trimmed) Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error filtering metadata from {metadataURL}.xml ...(trimmed) Caused by: org.opensaml.saml2.metadata.provider.FilterException: Signature trust establishment failed for metadata entry     Prerequisites   Alteryx Connect >= 2018.1 Remote Desktop (RDP) or other direct access to the Alteryx Connect machine Windows Administrator account on the Alteryx Connect machine Alteryx Connect account within the "Administrators" group Certificate (.cer) or other X509 certificate file available to import This certificate should be the IDP's signing certificate or part of the certificate chain If you are not sure where to obtain this certificate, reach out to an administrator or support group for the CA, or your IT team for assistance   Procedure   Verify that the certificate file is available on the Alteryx Connect machine's local file system You will also need the password for the SAML keystore (samlKeystore.jks in the ac_work directory). If you do not have this keystore password, follow the sub-steps to change the password Open Alteryx Connect in a web browser and login with an Administrator account Open the Administration panel by clicking on your account name in the upper-right corner and choosing Administration from the drop-down Click Connect Configuration from the Admin Menu Click Single Sign-On within the Connect Configuration panel Click Advanced settings near the bottom of the page Specify a new password in the Password field Click Save Open a   Command Prompt (cmd.exe) as Administrator   on the Alteryx Connect machine's desktop Change directory to the Java bin directory of your Alteryx Connect installation. Replace   {InstallDir} in the command below with the root path of your Alteryx Connect installation. Press Enter Command Line:   cd "{InstallDir}\jre\bin" Example: cd "C:\Program Files\AlteryxConnect\jre\bin"   The keytool.exe utility will need to be used in order to insert the certificate. Replace   {file} in the command below with the full path to the certificate file being used. Replace   {InstallDir} with the root path of your Alteryx Connect installation. Replace   {alias}   with a desired identifier for the certificate you are inserting. Replace {samlKeystorePassword} with the password gathered in Step 2 above. Command Line:   keytool.exe -importcert -file "{cert}" -keystore "{InstallDir}\ac_work\samlKeystore.jks" -alias "{alias}" -storepass {samlKeystorePassword} Example: keytool.exe -importcert -file "C:\Users\username\Desktop\SAMLSigningCert.cer" -keystore "C:\Program Files\AlteryxConnect\ac_work\samlKeystore.jks" -alias "ADFS_Signing" -storepass keystorePassword22   Press   Enter Executing the command above should return information about the certificate and a prompt asking to trust the certificate. Make sure the information in the return matches the expected values, then type yes   at the prompt. Press Enter       Verify you receive the return Certificate was added to keystore If you receive an error, review the error message and make any corrections necessary. Restart   the Alteryx Connect   service to apply the changes.      Additional Resources   How To: Configure SAML on Alteryx Connect for Active Directory Federation Services (ADFS)
View full article
How To: Add Web Connection Certificate to Alteryx Connect Keystore   This article is intended to instruct on the operation of adding a certificate to Alteryx Connect's Java Keystore (cacerts). This process is useful if you need to add a certificate for a direct SSL-based web connection from the Alteryx Connect service, e.g. to retrieve a metadata XML file from an internal SAML provider with a self-signed or internally signed SSL/HTTPS certificate that may not be trusted by a globally trusted CA or similar. This process is not intended to resolve SSL connection issues with Metadata Loader processes. Typically, this process would only be necessary when attempting to configure SAML-based authentication with an on-premises SAML identity provider. An error message also may be displayed that may require you insert a certificate to this store, similar to the following: org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from {metadataURL}.xml ...(trimmed) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ...(trimmed) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ...(trimmed) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     Prerequisites   Alteryx Connect >= 2018.1 Remote Desktop (RDP) or other direct access to the Alteryx Connect machine Windows Administrator account on the Alteryx Connect machine Certificate (.cer) or other X509 certificate file available to import This certificate should ideally be the Certificate Authority (CA)'s root signing certificate, but can also be the certificate used for the remote machine itself If you are not sure where to obtain this certificate, reach out to an administrator or support group for the CA, or your IT team for assistance   Procedure   Verify that the certificate file is available on the Alteryx Connect machine's local file system Open a Command Prompt (cmd.exe) as Administrator on the Alteryx Connect machine's desktop Change directory to the Java bin directory of your Alteryx Connect installation. Replace {InstallDir} in the command below with the root path of your Alteryx Connect installation. Press Enter Command Line: cd "{InstallDir}\jre\bin" Example: cd "C:\Program Files\AlteryxConnect\jre\bin" The keytool.exe utility will need to be used in order to insert the certificate. Replace {file} in the command below with the full path to the certificate file being used. Replace {InstallDir} with the root path of your Alteryx Connect installation. Replace {alias} with a desired identifier for the certificate you are inserting. Command Line: keytool.exe -importcert -file "{cert}" -keystore "{InstallDir}\jre\lib\security\cacerts" -alias "{alias}" -storepass changeit Example: keytool.exe -importcert -file "C:\Users\username\Desktop\CACert.cer" -keystore "C:\Program Files\AlteryxConnect\jre\lib\security\cacerts" -alias "ADFS_Web" -storepass changeit Press Enter Executing the command above should return information about the certificate and a prompt asking to trust the certificate. Make sure the information in the return matches the expected values, then type yes at the prompt. Press Enter   Verify you receive the return Certificate was added to keystore If you receive an error, review the error message and make any corrections necessary. Restart the Alteryx Connect service to apply the changes.    Additional Resources   {Note to self - Add resources to SAML setup article once completed}
View full article
With version 2019.1, you can make Connect run on https protocol and make the communication between client and server much more secure. This is an enhancement from the previous version, when you had to manually change configuration files, download SSL tools and execute several of commands. Now you can do it in a user friendly way just by using the Installer.
View full article
This article is a guide on how to import a Certificate Authority (CA) signed certificate after enabling SSL with the Installer.  
View full article
While attempting to add your Gallery (Alteryx Server) to your Connect instance you may get an error about related to your SSL certificate. This article provides step-by-step instructions for troubleshooting this issue.
View full article