To install the SAML v2 Plug-in for Federation Services you must have an installation configuration properties file based on the saml2silent template. The template is included with the installation binaries, at the top level of the directory to which the binaries were unpacked, and can be modified to suit your deployment. The following is a sample installation configuration properties file that might be used to install the SAML v2 Plug-in for Federation Services on an instance of Federation Manager. Descriptions of the properties themselves can be found in Table 2–2.
```
############### START OF VARIABLE DEFINITIONS ###############
STAGING_DIR=/var/opt/SUNWam/fm/war_staging
ADMINPASSWD=11111111
DEPLOY_SAMPLES=true
SYSTEM=FM
AM_INSTANCE=
LOAD_SCHEMA=true
DS_DIRMGRDN="cn=Directory Manager"
DS_DIRMGRPASSWD=22222222
IDPDISCOVERY_ONLY=false
COMMON_COOKIE_DOMAIN=
COOKIE_ENCODE=true
############### END OF VARIABLE DEFINITIONS ###############
```
Your modified installation file is used as input to the installer utility, saml2setup. More information on the installer utility can be found in Installing the SAML v2 Plug-in for Federation Services.
Property | Definition |
---|---|
STAGING_DIR | Defines the staging directory for the SAML v2 Plug-in for Federation Services WAR. |
ADMINPASSWD | Specifies the password chosen for the underlying product's administrator; by default, amadmin. |
DEPLOY_SAMPLES | Defines whether the included sample will be deployed as part of the installation. The default value is true. |
SYSTEM | Defines the server product into which the plug-in will be installed. It takes a value of AM if installing into an instance of Access Manager or FM if installing into an instance of Federation Manager. If no value is specified, the installer will automatically detect the server product. |
AM_INSTANCE | Used if there are multiple instances of Access Manager. The value would be the name of the particular instance. If no value is specified, the installer will automatically detect the first instance of Access Manager. Note – This variable has no relevance when installing into an instance of Federation Manager. |
LOAD_SCHEMA | Defines whether or not to automatically load the LDAP schema. The default value is true. There are instances when you might load the LDAP schema manually. For example, if ldapmodify is not available, you might set LOAD_SCHEMA to false. |
DS_DIRMGRDN | Defines the distinguished name (DN) of the user that has permissions to bind to the LDAP directory. This is required when LOAD_SCHEMA is true. |
DS_DIRMGRPASSWD | Defines the password associated with the user DN that will bind to the LDAP directory. This is required when LOAD_SCHEMA is true. Caution – The value of this property is very sensitive. Be sure to protect the password after installation by removing it entirely from the file, or protect the file itself by setting the appropriate permissions. |
IDPDISCOVERY_ONLY | Defines whether the installer will configure the SAML v2 Plug-in for Federation Services or the SAML v2 IDP Discovery Service only. If true, only the SAML v2 IDP Discovery Service will be configured. If false, the full SAML v2 Plug-in for Federation Services will be configured. The default value is false. Note – For more information on the SAML v2 IDP Discovery Service, see Installing the SAML v2 IDP Discovery Service and The SAML v2 IDP Discovery Service. |
COMMON_COOKIE_DOMAIN | Defines the common domain for the SAML v2 IDP Discovery Service. The value of this property must be set to .cookie-domain-name as in .sun.com. |
COOKIE_ENCODE | Defines whether the common domain cookie will be URL encoded before setting and URL decoded before reading. If set to true the SAML v2 IDP Discovery Service will encode the cookie before setting and decode it before reading. If set to false, the SAML v2 IDP Discovery Service will not encode or decode the cookie. It will be set and received as is. |
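
The constraints in the table and the DS_DIRMGRPASSWD caution can be checked mechanically. The following is an added example, not part of the original documentation or the product: it assumes the file is plain KEY=VALUE lines, the function names (prop_get, check_props, scrub_passwords, write_sample) are hypothetical, and blanking ADMINPASSWD as well goes beyond what the caution asks for.

```shell
#!/bin/sh
# Added example: lint a saml2silent-style file before install, scrub it afterwards.
# Assumes plain KEY=VALUE lines; all function names here are hypothetical.

# Print KEY's value from FILE (last assignment wins, surrounding quotes stripped).
prop_get() { sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'; }

# Print one finding per problem; return 0 only when the file is clean.
check_props() {
    f=$1; rc=0
    case $(prop_get "$f" SYSTEM) in
        AM|FM|'') ;;
        *) echo "SYSTEM must be AM, FM or empty"; rc=1 ;;
    esac
    # LOAD_SCHEMA defaults to true, so only an explicit false lifts the DS_* requirement.
    if [ "$(prop_get "$f" LOAD_SCHEMA)" != false ]; then
        for k in DS_DIRMGRDN DS_DIRMGRPASSWD; do
            [ -n "$(prop_get "$f" "$k")" ] || { echo "$k required when LOAD_SCHEMA is true"; rc=1; }
        done
    fi
    case $(prop_get "$f" COMMON_COOKIE_DOMAIN) in
        ''|.?*) ;;
        *) echo "COMMON_COOKIE_DOMAIN must start with a dot"; rc=1 ;;
    esac
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo "file is accessible beyond its owner"; rc=1; }
    return $rc
}

# After installation: blank both password properties and restrict the file to its owner.
scrub_passwords() {
    tmp=$1.tmp.$$
    ( umask 077
      sed -e 's/^ADMINPASSWD=.*/ADMINPASSWD=/' \
          -e 's/^DS_DIRMGRPASSWD=.*/DS_DIRMGRPASSWD=/' "$1" > "$tmp" ) &&
        mv "$tmp" "$1" && chmod 600 "$1"
}

# Constructed sample with three defects: empty bind password, undotted cookie domain, mode 644.
write_sample() {
    printf '%s\n' 'SYSTEM=FM' 'LOAD_SCHEMA=true' 'ADMINPASSWD=11111111' \
        'DS_DIRMGRDN="cn=Directory Manager"' 'DS_DIRMGRPASSWD=' \
        'COMMON_COOKIE_DOMAIN=example.com' > "$1" && chmod 644 "$1"
}
```

Run check_props on the file before passing it to saml2setup, and scrub_passwords once the installation has finished.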