As a root user, log in to the Access Manager 1 host.
Change to the directory where you unpacked the SAMLv2 installation files. Example:
    # cd /tmp/saml2
    # ls
    ../ ENTITLEMENT.TXT saml2silent LICENSE.TXT samlv2-1.0-solaris-sparc.tar README.TXT version SUNWsaml2/
Modify the saml2silent file to reflect the location of the deployed Access Manager WAR file.
Make a backup copy of the saml2silent file before making any changes to it.
See changes in boldface in the following example:
    ############### START OF VARIABLE DEFINITIONS ###########################
    STAGING_DIR=/opt/SUNWwbsvr/https-AccessManager-1.example.com/is-web-apps/services
    ADMINPASSWD=4m4dmin1
    DEPLOY_SAMPLES=true
    #
    # SYSTEM
    # AM if SAML2 will be deployed on Access Manager
    # FM if SAML2 will be deployed on Federation Manager
    # installer will auto detect if not specified.
    #
    SYSTEM=AM
    # AM_INSTANCE
    # SAML2 will be deployed on the specified AM instance.
    # If it is not specified, SAML2 will be configured on the first AM instance.
    #
    AM_INSTANCE=
    #
    # LOAD_SCHEMA if true will load SAML2 SDS/AD schema
    # DS_DIRMGRDN is the DN (distinguished name) of the directory manager,
    # the user who has unrestricted access to Directory Server.
    # DS_DIRMGRPASSWD is the password for the directory manager
    #
    LOAD_SCHEMA=true
    DS_DIRMGRDN="cn=Directory Manager"
    DS_DIRMGRPASSWD=dirm4n4ger
    #
    # IDPDISCOVERY_ONLY set to true will only configure idpdiscovery service
    # COMMON_COOKIE_DOMAIN IDP Discovery service cookie domain
    # COOKIE_ENCODE set to true, common domain cookie will be encoded.
    IDPDISCOVERY_ONLY=false
    COMMON_COOKIE_DOMAIN=
    COOKIE_ENCODE=true
    ############### END OF VARIABLE DEFINITIONS ################################
Run the SAMLv2 installer.
    # ./saml2setup install -s saml2silent
When installation is complete, you will see the following message:
    Hosted entity descriptor for realm "/" was written to file "idpMeta.xml" successfully.
    Hosted entity config for realm "/" was written to file "idpExtended.xml" successfully.
    Hosted entity descriptor for realm "/" was written to file "spMeta.xml successfully.
    Hosted entity config for realm "/" was written to file "spExtended.xml" successfully.
    Meta data created !!!
    Circle of trus "samplecot" is created successfully.
    Loading SAML2 schema...
    The new AM server war /opt/SUNWam/amserver.war is ready for deploy!
In this deployment example, complete the steps that follow before deploying the WAR file.
Load the SAMLv2 users schema into the Access Manager users instance.
    # cd /opt/SUNWam/saml2/ldif
    # ldapmodify -h LoadBalancer-2.example.com -p 489 -D "cn=Directory Manager" -w dirm4n4ger -f saml2_sds_schema.ldif
    modifying entry CN=schema
Go to the directory where you downloaded and unpacked the SAMLv2 patch installation file.
    # cd /temp/saml2patch/122983-02
    # ls
    LEGAL_LICENSE.TXT LICENSE.TXT patchinfo postbackout postpatch prebackout prepatch README.122983-01 rel_notes.html SUNWsaml2
Run the SAMLv2 patch installer.
    # cd /temp/saml2patch
    # patchadd -G 122983-02
When installation is complete, you will see the following message:
    Patch packages installed: SUNWsaml2
Go to the directory where the SAMLv2 update script is located.
    # cd /opt/SUNWam/saml2/bin
Run the update script.
    # ./saml2setup update -s saml2silent
Any updates required because of the newly-installed patch are made in SAMLv2.
Restart Access Manager 1.
    # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
    # ./stop;./start
This deployment uses Sun Java System Web Server, which does not require you to redeploy the Access Manager WAR file at this point. If you are using any other web container, you must redeploy the Access Manager WAR file before restarting the Access Manager 1 server.
If you must uninstall and then reinstall the SAMLv2 patch for any reason, the update script may fail when you run it. Search the saml2silent file for the string -- and delete all occurrences. The script may have inadvertently added the extraneous strings to the file.
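A pre-flight check for the saml2silent file that covers the backup step and the stray -- cleanup described above, written as an added example (it is not part of the original procedure or of Sun's tooling). The function names, the set of keys treated as required, and the file-permission check are assumptions; the sample file is constructed.

```sh
#!/bin/sh
# Added example (not Sun's code): pre-flight for the saml2silent response file.

# Value of KEY ($2) in file ($1); comment lines ignored, surrounding quotes stripped.
silent_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Number of lines containing the stray "--" string described in the note.
count_stray() {
    grep -c -e '--' "$1" || true
}

# True when group/other have no access; the file stores two cleartext passwords.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Keep a dated backup, then delete every "--" occurrence in place.
clean_silent() {
    bak="$1.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$1" "$bak" && sed 's/--//g' "$bak" > "$1"
}

# Returns 0 only if the file is private, the keys assumed to be required are
# set, and no stray "--" remains.
preflight() {
    rc=0
    is_private "$1" || { echo "WARN: $1 is accessible to group/other" >&2; rc=1; }
    for key in STAGING_DIR ADMINPASSWD DS_DIRMGRDN DS_DIRMGRPASSWD; do
        [ -n "$(silent_get "$1" "$key")" ] || { echo "ERROR: $key is empty" >&2; rc=1; }
    done
    [ "$(count_stray "$1")" -eq 0 ] || { echo "ERROR: stray -- in $1" >&2; rc=1; }
    return $rc
}

# Constructed sample: a shortened saml2silent with stray "--" strings added.
demo=$(mktemp) && chmod 644 "$demo"
cat > "$demo" <<'EOF'
STAGING_DIR=/opt/example/services--
ADMINPASSWD=placeholder
DS_DIRMGRDN="cn=Directory Manager"
--DS_DIRMGRPASSWD=placeholder
EOF
preflight "$demo" || { chmod 600 "$demo"; clean_silent "$demo"; }
preflight "$demo" && echo "saml2silent OK: safe to run ./saml2setup update -s saml2silent"
```

Because the cleanup deletes every occurrence of --, a password or path that legitimately contains that string would also be altered; compare the result against the dated backup before running the update.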