Categories:

System Functions (System Information)



Arguments¶

name

The name of the SAML2 security integration to generate the CSR.

Required.

DN

The distinguished name to be used the CSR. Note that a DN is a string of relative DNs separated by commas. For example:

'cn=juser, ou=dev, ou=people, o=eng, dc=com'

Optional.

If missing, the DN of the current certificate will be used. If using the self-signed certificate, the value will be the account alias, if set, or the account name.

None.

Example¶

To generate a CSR with the subject set to the subject of the current certificate stored in the SAML2 integration, execute the function with the name parameter only. For example:

select system$generate_saml_csr('my_idp'); --------------------------------------------------------------------------------------------------+ SYSTEM$GENERATE_SAML_CSR('MY_IDP')                                                                |
--------------------------------------------------------------------------------------------------+
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
--------------------------------------------------------------------------------------------------+


Note

The current certificate refers to the value of the SAML2_SNOWFLAKE_X509_CERT in the SAML2 integration (row 7 after executing a DESCRIBE INTEGRATION statement on the SAML2 integration).

This certificate value could be the self-signed certificate or a certificate uploaded previously using an ALTER SECURITY INTEGRATION statement as shown in Managing Your SAML2 Security Integration.

To generate a CSR with the CSR’s subject set to a given value, execute the function with both the name and DN parameters. For example:

select system$generate_saml_csr('my_idp', 'cn=juser, ou=dev, ou=people, o=eng, dc=com'); --------------------------------------------------------------------------------------------------+ SYSTEM$GENERATE_SAML_CSR('MY_IDP')                                                                |
--------------------------------------------------------------------------------------------------+
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
--------------------------------------------------------------------------------------------------+


You can then upload the certificate for that private key using the CSR generated by the function into Snowflake.