Before you run the Configuration wizard, be prepared with the following information:
Specifies the database type (SQL or Oracle) you plan to use for the policy store.
Identifies the database used by Federation Manager.
Specifies the host name or IP address of the server where the database is installed.
The following are the allowable entries, based on operating environment and database type:
Windows (Oracle and SQL): IPv4 address, host name
UNIX (Oracle): IPv4 address, host name
UNIX (SQL): IPv4 address, IPv6 address, host name
Important! Do not use square brackets around an IPv6 address in this field. The omission of brackets applies only to this setting. Example: 3ff3:1900:4545:3:200:f8ff:fe25:67 (no square brackets)
If you want to use an SQL database named instance, enter the following value based on operating environment:
Windows: server_name\named_instance
Example: server01-w3s-t1\federation1
In this example, server01-w3s-t1 is the server name and federation1 is the instance name.
UNIX: server_name
Specify the database server name in this field, not the SQL named instance. Additionally, enter the port number of the SQL named instance in the Database port field.
Example: server01-w3s-t1
Names the database instance.
Limits
SQL: Database name
Oracle: Name of the Oracle user with CONNECT and RESOURCE roles for the tablespace where Federation Manager creates and manages database tables.
Identifies the port the database is listening on. Change the port number if the database is not running on the default port. For example, if you specified an SQL named instance for the database server, enter the port for this database instance.
Defaults
SQL: 1433
Oracle: 1521
Names the administrator with super administrative privileges to access the database, and create and manage database tables.
The user name can contain any printable character except for the forward slash (/). The forward slash cannot be used for an Oracle database because it causes the connection to the database to fail.
Specifies the password for the database administrator account. The password can contain any printable character except for the forward slash (/). The forward slash cannot be used for an Oracle database because it causes the connection to the database to fail.
Specifies the TCP port number that Federation Manager is listening on.
Default: 44442
Limit: A numeric value except 44443, 44444, 44445. The port numbers 44443, 44444, 44445 are not permitted.
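The limits above can be checked before the wizard is started. The following is an added example, not part of the product or of the original documentation. The dictionary keys and function names are hypothetical, and the forward-slash rule is applied to both database types as an assumption.

```python
import ipaddress

# Limits transcribed from the prerequisites above; all names are illustrative.
ALLOWED_HOST_KINDS = {
    ("windows", "oracle"): {"ipv4", "hostname"},
    ("windows", "sql"): {"ipv4", "hostname"},
    ("unix", "oracle"): {"ipv4", "hostname"},
    ("unix", "sql"): {"ipv4", "ipv6", "hostname"},
}
FORBIDDEN_FM_PORTS = {44443, 44444, 44445}


def host_kind(value):
    """Classify a database host entry as ipv4, ipv6 or hostname."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        return "hostname"


def validate(answers):
    """Return the list of problems in a dict of planned wizard answers."""
    problems = []
    platform = (answers["os"], answers["db_type"])
    host = answers["db_host"]
    if "[" in host or "]" in host:
        problems.append("db_host: no square brackets around an IPv6 address")
        host = host.strip("[]")
    if "\\" in host:
        # server_name\named_instance is accepted for SQL on Windows only.
        if platform != ("windows", "sql"):
            problems.append("db_host: enter the server name, not the named instance")
        host = host.split("\\", 1)[0]
    kind = host_kind(host)
    if kind not in ALLOWED_HOST_KINDS[platform]:
        problems.append("db_host: %s not allowed for %s/%s" % ((kind,) + platform))
    for field in ("db_admin_user", "db_admin_password"):
        value = answers[field]
        if "/" in value or not value.isprintable():
            problems.append(field + ": printable characters only, no forward slash")
    port = answers["fm_port"]
    if not 1 <= port <= 65535 or port in FORBIDDEN_FM_PORTS:
        problems.append("fm_port: must be a TCP port other than 44443-44445")
    return problems


# Constructed sample answers, not taken from a real deployment.
SAMPLE = {"os": "windows", "db_type": "sql", "db_host": "[3ff3:1900:4545:3:200:f8ff:fe25:67]",
          "db_admin_user": "fedadmin", "db_admin_password": "s3cret/pw", "fm_port": 44444}
```

The problem messages name the field only and never echo the value, so the password does not end up in console output or logs.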
Determine how to implement Federation Manager in your environment.
The deployment mode options are:
In a proxy mode deployment, Federation Manager is the main entry point to all backend resources.
Select this mode if:
Note: You can protect the HTTP Headers against modification by an unauthorized user by setting an HTTP Header prefix. More information is available for protecting HTTP Headers in proxy mode.
In a standalone mode deployment, Federation Manager is deployed alongside either SiteMinder Web Agents or third-party web servers. In this case, Federation Manager handles only federation requests; web servers handle all other requests.
Select this mode if you want to limit federation traffic to Federation Manager and off-load the handling of regular web traffic to other web servers.
In standalone mode, you cannot pass user attributes from an assertion using HTTP headers. You cannot add HTTP headers to the response. No mechanism between the web server and the browser exists to make this modification.
Identifies the fully qualified domain name of the backend server where Federation Manager forwards the requests for federated resources.
Federation Manager uses the open source Apache web server as the HTTP listener for incoming requests.
Identifies the fully qualified domain name of the Federation Manager deployment. This server name does not necessarily map to the system where Federation Manager is installed. You can consider it a virtual host.
Specifies the email address for the database administrator.
The Apache server installed with Federation Manager requires this setting. The Apache server uses the e-mail address of the administrator in its default error messages when problems occur. The e-mail address is set with the ServerAdmin directive and can be any valid e-mail address.
Note: The events forwarded to this address are server-specific errors and warnings for the Apache server. The messages are not related to federation.
Specifies the port listening for HTTP requests.
Default: 80
Note: If you have another web server on your system using port 80, change the default port for the Apache web server.
Specifies the Apache port listening for SSL requests.
Default: 443
Note: If you have another web server on your system using port 443, change the default SSL port for the Apache web server.
Specifies the port listening for Federation Manager UI HTTP requests.
If you change this port, be aware that it must be internal-facing and must not be accessible from the Internet.
Default: 8888
Specifies the port listening for Federation Manager UI SSL requests.
If you change this port, be aware that it must be internal-facing and must not be accessible from the Internet.
Default: 8889
Important! The port numbers must be unique for the following settings: