Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Obtaining the token signing certificate for authenticating Pega Robot Manager users

Updated on November 29, 2022

Obtain the token-signing certificate that contains cryptographic private and public keys that digitally sign a security token when authenticating Robot Manager users through OAuth 2.0 with SAML bearer.

Follow these steps to obtain the token-signing certificate from Pega Robotic Automation Security Token Services.

Design Patterns: You can use other STS services to generate token-signing certificate that includes the Client Secret and Client ID, for example, Active Directory Federation Services (AD FS). For more information, see the Configuring AD FS and Pega Robot Manager for single sign-on design pattern on Pega Community Wiki.

You can skip these steps if your client already provides the token-signing certificate with a public key in the form of a keystore.

Tip: If your certificate is not a keystore, you can transform a .cer file into a keystore by using the command line. For example, you can use a command that is similar to the following one: keytool -importcert -file "fed-TokenSigning-2022-PEM.cer" -keystore fed-ADFS-2022.jks -alias "fed-ADFS-2022"
  1. Start the Pega Robotic Automation Security Token Service Configuration Console.
  2. Expand the Service Configuration list and select Token Signing.
  3. In the STS Token Signing Certificate field, select the certificate that you want to export.
  4. Click Export Public Cert to export the certificate.
    See the following figure for reference:
    Exporting the token signing certificate from the Security Token Service
    You must export the token signing certificate for authenticating Pega Robot Manager users.
  5. Save the certificate as a Java KeyStore (JKS) or Public-Key Cryptography Standards (PKCS12) file and include a password.
What to do next: Upload the token-signing certificate to Pega Platform and configure the OAuth security settings in Robot Manager.
    • Previous topic Authenticating Pega Robot Manager users through OAuth 2.0 with SAML bearer
    • Next topic Configuring Pega Robot Manager to support OAuth 2.0 with SAML bearer

    Have a question? Get answers now.

    Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

    Did you find this content helpful?

    Want to help us improve this content?

    We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

    Close Deprecation Notice
    Contact us