Before you install the SAML Affiliate Agent, you must be logged into the account where the Web server is installed, and have sufficient permissions to run and modify this Web server.
- From the SAML Affiliate Agent installation media, copy the installation binary for your operating system to a local directory:
- Solaris: Navigate to the solaris folder and copy
nete-af-version-sol.bin
- Linux: Navigate to the linux folder and copy nete-af-version-linux.bin (for Linux 2.1) or nete-af-version-rhel30.bin
- At a prompt, enter the following command:
./nete-af-version-operating_system.bin -i console
where operating_system is sol for Solaris systems, linux for Linux 2.1 systems, or rhel30 for Linux 3.0 systems.
The installation script prepares the License Agreement file.
- Press ENTER to read the License Agreement.
Press ENTER to page through the agreement.
- Enter Y to accept the license agreement.
- Press ENTER to read the Release Notes.
Press ENTER to page through the notes.
- Enter Y to continue with the installation.
- Specify the directory where the installation should place the Agent files. To accept the default location, press ENTER.
- Choose the type of Web server to configure for the SAML Affiliate Agent by entering 1 for Sun Java System Web servers or 2 for Apache Web servers.
- Enter the Web server’s root directory, then press ENTER—for example:
- For Sun Java System: /export/smuser/sunone/servers
- For Apache: /usr/local/apache2
- For Sun Java System Web Servers, select the Web server instance to configure for the SAML Affiliate Agent.
- Enter the location of an installed Java Runtime Environment (JRE).
- Enter the Cookie Domain for the consumer, such as .consumer.com.
- Enter the SSL Interceptor Root URL, which is the URL at the consumer site where the producer redirects users during consumer requests. This is a URL to the consumer’s secure Web server where the SAML Affiliate Agent is installed. We recommend that you use an SSL connection, and that the URL begin with https://, such as
https://mysslserver.example.com:90
The SSLInterceptorURL enables the SAML Affiliate Agent to obtain the SAML artifact, which identifies the SAML assertion stored at the producer. The assertion contains user profile and session information. After the SAML Affiliate Agent gets the artifact, it makes a call on the SSL back channel to the producer to retrieve the actual assertion.
For all web servers, you must add the HTTPSPorts attribute to the AffiliateConfig.xml file and specify the same port number as you specify for the SSLInterceptorURL attribute. The HTTPSPorts attribute must be added to the GlobalInfo tag in the AffiliateConfig.xml file.
- Enter the Federation Web Services Root URL, which is the URL to the producer Web server where the SiteMinder Option Pack for the Web Agent is installed. This must be a secure URL that begins https://, such as
https://myserver.ca.com:81
- Respond to the Shared Secret prompt by entering the secret that the SAML Affiliate Agent will use to encrypt consumer cookies. Re-enter the secret when prompted.
This secret is used locally to encrypt consumer cookies. You do not have to specify a corresponding secret in the Policy Server.
- Respond to the Affiliate Password prompt by entering the password that the SAML Affiliate Agent will use to communicate with the Policy Server at the producer site.
This password must match the password for a consumer defined in the Policy Server User Interface.
Note: For information on configuring a consumer, see the SiteMinder Federation Security Services Guide.
- Confirm the installation settings by entering Y.
The installation script copies the files to the specified installation directory.
- For UNIX installations, respond to the prompt about UNIX configuration. If you are using the Bourne shell, include the nete-af-env.sh environment variable in the .profile file.
- If applicable, make note of the final instruction (if you did not log in as root) to update the /etc/rc2.d directory.
Cannot write to /etc/rc2.d/ directory. To complete daemon setup, copy
'/export/smuser/netegrity/affiliateagent/bin/S98smaffserver'
to '/etc/rc2.d/'
- Restart the Web server for the changes to take effect.
