Run the GUI Installation

To install a SAML Affiliate Agent, you must be logged in to the account under which the web server was installed.

Note the following:

To install the SAML Affiliate Agent

  1. Exit all applications that are running and stop the web server.
  2. Download the software from the Technical Support site.
  3. Complete one of the following steps:

    Windows: Navigate to the win32 folder then double-click nete-af-version-win32.exe.

    Solaris: From the solaris folder, copy nete-af-version-sol.bin to a local directory, navigate to that directory and enter the following in a console window:

    ./nete-af-version-sol.bin

    Linux: From the linux folder, copy nete-af-version-linux.bin (for Linux 2.1) or nete-af-version-rhel30.bin (for Linux 3.0) to a local directory, navigate to that directory and enter the following in a console window:

    ./nete-af-version-linux.bin (for Linux 2.1)

    ./nete-af-version-rhel30.bin (for Linux 3.0)

    The setup program prepares the installation files.

  4. In the Introduction dialog, read the information then click Next.
  5. Read the License Agreement and select the option to accept the agreement. Then, click Next.

    If you do not accept the agreement, the installation terminates.

  6. Read the notes in the Important Information dialog, then click Next.
  7. In the Choose Install Folder dialog, accept the default installation location or use the Browse button to select a different location. Click Next.
  8. In the Web Server dialog, do one of the following:

    The SAML artifact is sent across an SSL connection to the consumer.

    Note: IIS and Sun Java System 6.0 can use one web server for SSL and non-SSL connections.

  9. If prompted, specify the location of the Java Runtime Environment (JRE) by accepting the default location or by using the Browse button to select a different location.
  10. In the URL Information dialog, respond to the configuration prompts then click Next:

    Important! Enter a root URL in the form http://address.domain.com:port—do not enter any additional text.

    When you specify a value for a root URL, the installation script appends additional information to it in the AffiliateConfig.xml file. For example, if you enter https://interceptor.domain.com:90 for the SSL Interceptor Root URL, the script appends /smafa/amts/test1.htm to it.

    1. Affiliate Cookie Domain—enter the domain for the local server where the SAML Affiliate Agent is installed, such as .netegrity.com.
    2. SSL Interceptor Root URL—enter the URL at the consumer site where the producer redirects users during consumer requests. The URL is for the secure web server at the consumer, where the SAML Affiliate Agent is installed. We recommend that you use an SSL connection and begin the URL with https://, such as

      https://mysslserver.example.com:90

      The SSLInterceptorURL enables the SAML Affiliate Agent to obtain the SAML artifact, which identifies the SAML assertion stored at the producer. The assertion contains user profile and session information. After the SAML Affiliate Agent gets the artifact, it calls the producer across the SSL back channel to retrieve the actual assertion.

      For all web servers, add the HTTPSPorts attribute to the AffiliateConfig.xml file and specify the same port number as you specify for the SSLInterceptorURL attribute. The HTTPSPorts attribute must be added to the GlobalInfo tag in the AffiliateConfig.xml file.

    3. Federation Web Services Root URL—enter the URL to the producer-side web server where the Web Agent Option Pack is installed. The URL must be a secure URL that begins in the form https://, such as

      https://myserver.ca.com:81

  11. In the Passwords dialog, complete the following:
    1. Respond to the Shared Secret prompt by entering the secret twice. The SAML Affiliate Agent uses the shared secret to encrypt consumer cookies.

      You do not have to specify a corresponding secret in the Policy Server.

    2. Respond to the Affiliate Password prompt by entering the password twice. The SAML Affiliate Agent uses the password to communicate with the Policy Server at the producer site.

      This password must match the password for a consumer defined in the Policy Server User Interface.

      Note: For information about configuring a consumer, see the Federation Security Services Guide.

  12. Optionally, respond to the prompt about optional UNIX configuration. If you are using the Bourne shell, you can include the nete-af-env.sh environment variable in the .profile file.
  13. In the Pre-Installation Summary dialog, confirm the configuration settings then select Install.

    The setup program copies files to the specified location.

  14. In the Install Complete dialog, select whether to restart your system now or later, then click Done to exit the installer.

    For Agents installed on IIS 6.0 Web Servers and Apache 1.x Web Servers, start the Affiliate Server before starting the web server.

  15. Restart the web server.
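
The checks from step 10 can be scripted before and after the install. The following is an added example, not part of the product or its documentation: it validates a root URL as typed into the URL Information dialog, then confirms that HTTPSPorts on the GlobalInfo tag lists the SSLInterceptorURL port. The sample XML layout, the function names and the list format accepted for HTTPSPorts are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, not a real AffiliateConfig.xml: only the GlobalInfo tag and
# the HTTPSPorts / SSLInterceptorURL attribute names come from the page; the
# root element name and the attribute placement are assumptions.
SAMPLE_CONFIG = """<AffiliateConfig>
  <GlobalInfo HTTPSPorts="90"
      SSLInterceptorURL="https://interceptor.domain.com:90/smafa/amts/test1.htm"/>
</AffiliateConfig>"""

def _split(url):
    """Return (SplitResult, port); port is None if absent or not numeric."""
    parts = urlsplit(url)
    try:
        return parts, parts.port
    except ValueError:
        return parts, None

def root_url_problems(url, require_https=False):
    """Check a value for the URL Information dialog: scheme://host:port only."""
    parts, port = _split(url)
    problems = []
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append("not an http(s) URL with a host")
    elif require_https and parts.scheme != "https":
        problems.append("must begin with https://")
    if port is None:
        problems.append("no numeric port")
    if parts.path or parts.query or parts.fragment:
        problems.append("extra text after host:port")
    return problems

def https_ports_problems(xml_text):
    """Check that GlobalInfo's HTTPSPorts lists the SSLInterceptorURL port."""
    root = ET.fromstring(xml_text)
    info = next((e for e in root.iter() if e.tag == "GlobalInfo"), None)
    url = next((e.get("SSLInterceptorURL") for e in root.iter()
                if e.get("SSLInterceptorURL")), None)
    if info is None or url is None:
        return ["GlobalInfo tag or SSLInterceptorURL attribute not found"]
    parts, port = _split(url)
    problems = []
    if parts.scheme != "https":
        problems.append("SSLInterceptorURL is not https://")
    # Assumption: HTTPSPorts holds one port or a comma/space-separated list.
    listed = re.split(r"[,\s]+", info.get("HTTPSPorts", "").strip())
    if port is None or str(port) not in listed:
        problems.append("HTTPSPorts does not list the SSLInterceptorURL port")
    return problems
```

Pass `require_https=True` for the Federation Web Services Root URL, which the procedure requires to be a secure URL.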

More Information

Install the SAML Affiliate Agent in Console Mode (UNIX Only)

HTTPS Ports for SSL Connections

Check that the Affiliate Server Has Started