Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Creating an Installation Configuration Properties File

To install the SAML v2 Plug-in for Federation Services you must have an installation configuration properties file based on the template saml2silent. The saml2silent template is included with the installation binaries and is found at the top level of the directory into which the binaries were unpacked; copy it and modify the copy for your deployment. Following is a sample installation configuration properties file that might be used to install the SAML v2 Plug-in for Federation Services on an instance of Federation Manager. The password values shown are placeholders. Descriptions of the properties themselves can be found in Table 2–2.

############### START OF VARIABLE DEFINITIONS ###############

STAGING_DIR=/var/opt/SUNWam/fm/war_staging
ADMINPASSWD=11111111
DEPLOY_SAMPLES=true
SYSTEM=FM
AM_INSTANCE=
LOAD_SCHEMA=true
DS_DIRMGRDN="cn=Directory Manager"
DS_DIRMGRPASSWD=22222222
IDPDISCOVERY_ONLY=false
COMMON_COOKIE_DOMAIN=
COOKIE_ENCODE=true

############### END OF VARIABLE DEFINITIONS ###############

Note –

Your modified installation file is used as input to the installer utility, saml2setup. More information on the installer utility can be found in Installing the SAML v2 Plug-in for Federation Services.


Table 2–2 saml2silent Installation File Property Definitions

Each entry below gives the property name followed by its definition.

STAGING_DIR

Defines the staging directory for the SAML v2 Plug-in for Federation Services WAR. 

ADMINPASSWD

Specifies the password of the underlying product's administrator (amadmin by default). This value is as sensitive as DS_DIRMGRPASSWD and should be protected in the same way.

DEPLOY_SAMPLES

Defines whether the included sample will be deployed as part of the installation. The default value is true.

SYSTEM

Defines the server product into which the plug-in will be installed. It takes a value of AM if installing into an instance of Access Manager or FM if installing into an instance of Federation Manager. If no value is specified, the installer will automatically detect the server product.

AM_INSTANCE

Used when more than one instance of Access Manager is installed on the host. Set it to the name of the instance into which the plug-in is to be installed. If no value is specified, the installer uses the first instance of Access Manager it detects.


Note –

This variable has no relevance when installing into an instance of Federation Manager.


LOAD_SCHEMA

Defines whether the installer loads the LDAP schema automatically. The default value is true. Set it to false when the schema must be loaded manually, for example because ldapmodify is not available on the host.

DS_DIRMGRDN

Defines the distinguished name (DN) the installer binds to the LDAP directory as when loading the schema. The DN must have permission to bind and to modify the schema; the sample uses cn=Directory Manager. This property is required when LOAD_SCHEMA is true.

DS_DIRMGRPASSWD

Defines the password associated with the user DN that will bind to the LDAP directory. This is required when LOAD_SCHEMA is true.


Caution –

The value of this property is a directory administrator password and is therefore highly sensitive. After installation, remove it from the file entirely, or restrict the file's permissions so that only the user who ran the installer can read it (for example, mode 0600). The same applies to ADMINPASSWD.


IDPDISCOVERY_ONLY

Defines whether the installer will configure the SAML v2 Plug-in for Federation Services or the SAML v2 IDP Discovery Service only. If true, only the SAML v2 IDP Discovery Service will be configured. If false, the full SAML v2 Plug-in for Federation Services will be configured. The default value is false.


Note –

For more information on the SAML v2 IDP Discovery Service, see Installing the SAML v2 IDP Discovery Service and The SAML v2 IDP Discovery Service.


COMMON_COOKIE_DOMAIN

Defines the common domain for the SAML v2 IDP Discovery Service, that is, the domain on which the common domain cookie is set. The value must be written as .cookie-domain-name, with a leading dot, as in .sun.com, so that the cookie is visible to every host in that domain.

COOKIE_ENCODE

Defines whether the common domain cookie will be URL encoded before setting and URL decoded before reading. If set to true the SAML v2 IDP Discovery Service will encode the cookie before setting and decode it before reading. If set to false, the SAML v2 IDP Discovery Service will not encode or decode the cookie. It will be set and received as is.
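The sample file above and the caution on DS_DIRMGRPASSWD together describe a short procedure: write the properties file, check it against the constraints in Table 2–2, run saml2setup, then get the passwords out of the file. The POSIX shell script below is an added example, not part of the product or its documentation. The function names prop_write, prop_get, prop_check and prop_scrub are hypothetical, the property values used in the usage at the bottom are the placeholders from the sample, and saml2setup itself is not invoked. One check, that a discovery-only install (IDPDISCOVERY_ONLY=true) needs a non-empty COMMON_COOKIE_DOMAIN, is an assumption rather than something the table states. The scrub step blanks ADMINPASSWD as well as DS_DIRMGRPASSWD, since both are credentials.

```shell
#!/bin/sh
# Added example (not part of the SAML v2 Plug-in distribution): write, check and
# scrub a saml2silent-style installation configuration file. Function names are
# hypothetical; saml2setup is not invoked here.

# Create the properties file from stdin with mode 0600. The umask is applied in a
# subshell so the caller's umask is untouched; chmod also covers a pre-existing file.
# $1 = path of the properties file.
prop_write() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

# Print the value of property $2 in file $1, with surrounding double quotes removed
# (DS_DIRMGRDN="cn=Directory Manager" yields cn=Directory Manager). Missing or empty
# properties yield an empty string.
prop_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Check the constraints Table 2-2 states: SYSTEM is AM, FM or empty; ADMINPASSWD is
# set; LOAD_SCHEMA=true needs a bind DN and password; a COMMON_COOKIE_DOMAIN, if
# given, starts with a dot. Prints one line per problem and returns 1 if any was found.
prop_check() {
    f=$1
    rc=0
    system=$(prop_get "$f" SYSTEM)
    case "$system" in
        AM|FM|'') ;;
        *) echo "SYSTEM must be AM, FM or empty, got '$system'"; rc=1 ;;
    esac
    [ -n "$(prop_get "$f" ADMINPASSWD)" ] || { echo "ADMINPASSWD is empty"; rc=1; }
    if [ "$(prop_get "$f" LOAD_SCHEMA)" = true ]; then
        [ -n "$(prop_get "$f" DS_DIRMGRDN)" ] || { echo "DS_DIRMGRDN is required when LOAD_SCHEMA=true"; rc=1; }
        [ -n "$(prop_get "$f" DS_DIRMGRPASSWD)" ] || { echo "DS_DIRMGRPASSWD is required when LOAD_SCHEMA=true"; rc=1; }
    fi
    domain=$(prop_get "$f" COMMON_COOKIE_DOMAIN)
    case "$domain" in
        ''|.?*) ;;
        *) echo "COMMON_COOKIE_DOMAIN must start with a dot (e.g. .sun.com), got '$domain'"; rc=1 ;;
    esac
    # Assumption, not stated in Table 2-2: a discovery-only install needs the domain set.
    if [ "$(prop_get "$f" IDPDISCOVERY_ONLY)" = true ] && [ -z "$domain" ]; then
        echo "COMMON_COOKIE_DOMAIN is empty but IDPDISCOVERY_ONLY=true"; rc=1
    fi
    return $rc
}

# Blank every *PASSWD value in place after saml2setup has run. The keys are kept so
# the file remains a usable template; writing through cat keeps the file's mode.
prop_scrub() {
    tmp=$(mktemp) || return 1
    sed 's/^\([A-Z_]*PASSWD\)=.*$/\1=/' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (constructed values from the sample file; run saml2setup between check and scrub):
#   prop_write /tmp/saml2silent <<'EOF'
#   STAGING_DIR=/var/opt/SUNWam/fm/war_staging
#   ADMINPASSWD=11111111
#   LOAD_SCHEMA=true
#   DS_DIRMGRDN="cn=Directory Manager"
#   DS_DIRMGRPASSWD=22222222
#   EOF
#   prop_check /tmp/saml2silent && ./saml2setup ... && prop_scrub /tmp/saml2silent
```

Run prop_check before saml2setup so that a misconfigured file fails fast rather than halfway through an install that has already bound to the directory, and run prop_scrub as soon as the installer exits. Blanking the values instead of deleting the lines keeps the file a valid template for the next instance, and because the file was created with mode 0600 the passwords were never world-readable even during the install window.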