Categories:

System Functions (System Information)

SYSTEM$GENERATE_SAML_CSR

Generates a certificate signing request (CSR) for a SAML2 security integration. By default, the CSR subject is the subject of the certificate stored in the SAML2 integration; optionally, you can specify the DN to be used in the CSR.

Syntax

SYSTEM$GENERATE_SAML_CSR( <name> , <DN> )

Arguments

name

The name of the SAML2 security integration for which to generate the CSR.

Required.

DN

The distinguished name (DN) to be used in the CSR. A DN is a string of relative DNs separated by commas. For example:

'cn=juser, ou=dev, ou=people, o=eng, dc=com'

Optional.

If missing, the DN of the current certificate will be used. If using the self-signed certificate, the value will be the account alias, if set, or the account name.

Usage notes

None.

Example

To generate a CSR with the subject set to the subject of the current certificate stored in the SAML2 integration, execute the function with the name parameter only. For example:

select system$generate_saml_csr('my_idp');

--------------------------------------------------------------------------------------------------+
SYSTEM$GENERATE_SAML_CSR('MY_IDP')                                                                |
--------------------------------------------------------------------------------------------------+
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
--------------------------------------------------------------------------------------------------+

Note

The current certificate refers to the value of the SAML2_SNOWFLAKE_X509_CERT in the SAML2 integration (row 7 after executing a DESCRIBE INTEGRATION statement on the SAML2 integration).

This certificate value could be the self-signed certificate or a certificate uploaded previously using an ALTER SECURITY INTEGRATION statement as shown in Manage Your SAML2 security integration.

To generate a CSR with the CSR’s subject set to a given value, execute the function with both the name and DN parameters. For example:

select system$generate_saml_csr('my_idp', 'cn=juser, ou=dev, ou=people, o=eng, dc=com');

--------------------------------------------------------------------------------------------------+
SYSTEM$GENERATE_SAML_CSR('MY_IDP')                                                                |
--------------------------------------------------------------------------------------------------+
-----BEGIN NEW CERTIFICATE REQUEST-----                                                           |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                                                                               |
-----END NEW CERTIFICATE REQUEST-----                                                             |
--------------------------------------------------------------------------------------------------+

After obtaining a certificate for that private key using the CSR generated by the function, you can upload the certificate into Snowflake.
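Before submitting a CSR to a certificate authority, it is worth confirming which subject it actually carries. The following Python sketch is an added example (not part of the Snowflake documentation or product): it decodes the subject from the function's output using only the standard library, and on the Base64 line shown in the example above it yields CN=TESTACCOUNT. The names `read_tlv`, `decode_oid` and `csr_subject` are chosen for this example, and attribute values are assumed to be PrintableString, UTF8String or IA5String.

```python
import base64
import re

# Function output copied from the example on this page (the page elides the rest).
SAMPLE = """-----BEGIN NEW CERTIFICATE REQUEST-----   |
MIICWzCCAUMCAQAwFjEUMBIGA1UEAxMLVEVTVEFDQ09VTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRpyZ  |
...                                       |
-----END NEW CERTIFICATE REQUEST-----     |"""
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.10": "O", "2.5.4.11": "OU", "0.9.2342.19200300.100.1.25": "DC"}

def read_tlv(buf, pos):
    """Return (tag, value offset, declared length) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:  # base-128 digits, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def csr_subject(text):
    """Subject RDNs of a PEM CSR. Non-Base64 lines (armor, borders, '...') are ignored."""
    b64 = "".join(re.findall(r"^[ \t]*([A-Za-z0-9+/=]{16,})[ \t|]*$", text, re.M))
    der = base64.b64decode(b64[:len(b64) // 4 * 4])
    _, pos, _ = read_tlv(der, 0)          # CertificationRequest SEQUENCE
    _, pos, _ = read_tlv(der, pos)        # CertificationRequestInfo SEQUENCE
    _, pos, n = read_tlv(der, pos)        # version INTEGER
    tag, pos, n = read_tlv(der, pos + n)  # subject Name (SEQUENCE OF RDN)
    end = pos + n
    if tag != 0x30 or end > len(der):
        raise ValueError("subject is not fully present in the input")
    rdns = []
    while pos < end:
        tag, pos, n = read_tlv(der, pos)
        if tag == 0x06:  # attribute type OID, immediately followed by its value
            oid = decode_oid(der[pos:pos + n])
            _, pos, n = read_tlv(der, pos + n)
            rdns.append((OID_NAMES.get(oid, oid), der[pos:pos + n].decode("utf-8")))
            pos += n
        elif tag not in (0x30, 0x31):  # SEQUENCE/SET are containers: descend into them
            raise ValueError(f"unexpected DER tag 0x{tag:02x} in subject")
    return rdns
```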