Categories:

System Functions (System Information)

SYSTEM$GENERATE_SAML_CSR

Generates a certificate signing request (CSR). By default, the CSR subject is set to the subject of the certificate stored in the SAML2 integration; optionally, you can specify the DN to be used in the CSR.

Syntax

SYSTEM$GENERATE_SAML_CSR( <name> , <DN> )

Arguments

name

The name of the SAML2 security integration for which to generate the CSR.

Required.

DN

The distinguished name (DN) to be used in the CSR. Note that a DN is a string of relative DNs separated by commas. For example:

'cn=juser, ou=dev, ou=people, o=eng, dc=com'

Optional.

If missing, the DN of the current certificate will be used. If using the self-signed certificate, the value will be the account alias, if set, or the account name.

Usage Notes

None.

Example

To generate a CSR with the subject set to the subject of the current certificate stored in the SAML2 integration, execute the function with the name parameter only. For example:

select system$generate_saml_csr('my_idp');

--------------------------------------------------------------------------------------------------+
SYSTEM$GENERATE_SAML_CSR('MY_IDP')                                                                |
--------------------------------------------------------------------------------------------------+
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
--------------------------------------------------------------------------------------------------+

Note

The current certificate refers to the value of the SAML2_SNOWFLAKE_X509_CERT property in the SAML2 integration (row 7 after executing a DESCRIBE INTEGRATION statement on the SAML2 integration).

This certificate value could be the self-signed certificate or a certificate uploaded previously using an ALTER SECURITY INTEGRATION statement as shown in Managing Your SAML2 Security Integration.

To generate a CSR with the CSR’s subject set to a given value, execute the function with both the name and DN parameters. For example:

select system$generate_saml_csr('my_idp', 'cn=juser, ou=dev, ou=people, o=eng, dc=com');

--------------------------------------------------------------------------------------------------+
SYSTEM$GENERATE_SAML_CSR('MY_IDP')                                                                |
--------------------------------------------------------------------------------------------------+
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
--------------------------------------------------------------------------------------------------+

Using the CSR generated by the function, you can then upload the certificate for that private key into Snowflake.
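Because omitting the DN argument falls back to the subject of the current certificate, it is worth reading the subject back out of the CSR before it is signed and comparing it with the DN you intended. The following is an added example, not part of the original documentation: it uses only the Python standard library to strip the result-table borders from the function output and decode the subject, and it runs on the first line of the sample output above, which is enough because the subject sits at the start of the request. The names `csr_der`, `tlv` and `csr_subject` are this example's own.

```python
import base64
import re

# Copied from the page's example output, table borders and "..." elision included.
PAGE_OUTPUT = """\
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
"""
# DER-encoded attribute-type OIDs for the DN components used on the page.
OIDS = {b"\x55\x04\x03": "cn", b"\x55\x04\x0a": "o", b"\x55\x04\x0b": "ou",
        b"\x09\x92\x26\x89\x93\xf2\x2c\x64\x01\x19": "dc"}

def csr_der(text):
    """Strip table borders and PEM armor, then decode the base64 that remains."""
    m = re.search(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)-----END ", text, re.S)
    if not m:
        raise ValueError("no CSR found")
    body = re.sub(r"[^A-Za-z0-9+/=]", "", m.group(1))
    return base64.b64decode(body[:len(body) // 4 * 4])  # tolerate a cut-off tail

def tlv(buf, pos):
    """Read one DER header; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def csr_subject(text):
    """Return the CSR subject as (attribute, value) pairs in encoded order."""
    der = csr_der(text)
    pos = tlv(der, tlv(der, 0)[1])[1]          # step into both outer SEQUENCEs
    _, pos, end = tlv(der, tlv(der, pos)[2])   # skip version, read subject Name
    if end > len(der):
        raise ValueError("CSR text ends inside the subject")
    pairs = []
    while pos < end:
        tag, start, stop = tlv(der, pos)
        if tag in (0x30, 0x31):                # RDN SET or attribute SEQUENCE: step inside
            pos = start
        else:                                  # attribute-type OID, then its value
            _, vstart, pos = tlv(der, stop)
            oid = der[start:stop]
            pairs.append((OIDS.get(oid, oid.hex()), der[vstart:pos].decode("utf-8", "replace")))
    return pairs
```

Calling `csr_subject(PAGE_OUTPUT)` returns `[('cn', 'TESTACCOUNT')]`. Attribute types outside the small `OIDS` table are reported as the hex of their encoded OID.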