This section contains the following topics:
Configure the SAML 1.x Assertion Generator Properties File
Review the JVMOptions File Which Creates a JVM
The Policy Server at the producer includes a component named the assertion generator. For SAML 1.x only, the AMAssertionGenerator.properties file is required for the assertion generator to generate assertions. This properties file also contains commented instructions, which you can read for more information about the settings in the file.
The installed location of this file is:
policy_server_home/config/properties
The assertion generator works without modifying the settings in this file. However, the file contains CA SiteMinder® default values that are used in the assertions, so change these values for your network.
To configure the AMAssertionGenerator.properties file
Specifies the URL that identifies the site issuing the assertion.
This URL must be the same value as the Issuer field that you complete for a SAML authentication scheme.
Note: Set this value properly so that SAML 1.x assertions are meaningful.
Identifies the domain of the producer, such as example.com
Specifies for the SAML 1.x artifact profile only, a unique ID in the artifact that identifies the producer. For more information, see the SAML specification at the OASIS website.
The values in this file must match the values for the equivalent settings at the consumer site.
Note: Updates to the AmAssertionGenerator.properties file are picked up after the Policy Server is restarted.
The JVMOptions.txt file contains the settings that the Policy Server uses when creating the Java virtual machine that is used to support Federation Web Services. SAML 1.x, SAML 2.0, and WS‑Federation use this file.
During a Policy Server upgrade, the existing JVMOptions.txt file is renamed to JVMOptions.txt.backup. A new JVMOptions.txt file is created.
If the original file included customized parameters, be sure to modify the newly created file to include these customized parameters.
The installed location of this file is:
policy_server_home/config/
Important! If you update the JVMOptions.txt file, restart the Policy Server for the changes to take effect.
Notes:
This command is case-sensitive so be sure to capitalize the X.
Copyright © 2013 CA.
All rights reserved.
|
|