Agent GuidesSAML Affiliate Agent GuideUpgrade to SAML Affiliate Agent v6.x QMR 6Upgrade a 5.x or 6.0 SAML Affiliate Agent to 6.x QMR 6 › Step 3: Upgrade to the 6.x QMR 6 SAML Affiliate Agent

Previous Topic: Step 2: Uninstall the 5.x/6.0 SAML Affiliate Agent

Next Topic: Step 4: Modify the Configuration of the Upgraded Agent
Step 3: Upgrade to the 6.x QMR 6 SAML Affiliate Agent

When you upgrade from a pre-6.x QMR 5 SAML Affiliate Agent, the program lays out the SAML Affiliate Agent files again without altering your existing configuration.

When the upgrade is complete, only one AffiliateConfig.xml file exists, located in the directory saml_affiliate_agent_home/config. The AffiliateConfig.xml file is a shared configuration file for all web servers on the system. The SAML Affiliate Agent can operate with this one file; however, to establish independent AffiliateConfig.xml files for different web servers, run the Configuration Wizard. The Configuration Wizard enables you to modify the configuration and generate a configuration file on a per-Web server basis.

The upgrade instructions that follow reflect the GUI mode procedures. For UNIX systems, you can upgrade using Console mode by executing the SAML Affiliate Agent binary file with the -i console command argument, for example, nete-af-6xqmr6-operating_system.bin -i console. The command-line upgrade prompts are similar to GUI mode prompts.

To upgrade to the 6.x QMR 6 SAML Affiliate Agent

  1. Stop all web servers and web server applications.
  2. Download the software from the CA Technical Support site.
  3. Complete one of the following steps:

    Windows: Navigate to the win32 folder then double-click nete-af-version-win32.exe.

    Solaris: From the solaris folder, copy nete-af-version-sol.bin to a local directory, navigate to that directory and enter the following command in a console window:

    ./nete-af-version-sol.bin

    Linux 2.1 systems: From the linux folder, copy nete-af-version-linux.bin to a local directory, navigate to that directory and enter the following command in a console window:

    ./nete-af-6qmr6-linux.bin

    The setup program prepares the files for installation.

  4. In the Introduction dialog, read the information then click Next.
  5. Read the License Agreement and select the option to accept the agreement. Click Next.

    If you do not accept the agreement, the installation terminates.

  6. Read the Release Notes, then click Next.
  7. In the Choose Install Folder dialog, accept the default installation location or use the Browse button to select a different location. Click Next.
  8. In the Web Server dialog, select two web server instances:

    You can use one web server with two ports (non-SSL and SSL). IIS and Sun ONE 6.0 support this type of configuration.

    Follow the steps for your web server type:

    IIS Web Server

    Select the IIS Web server and click Next.

    Apache Web Server

    Select the Apache Web server and enter the full path to the server location, for example, /usr/local/apache2. Click Next.

    Sun ONE Web Server
    1. Do one of the following:

      For Windows systems, the installation detects the Sun ONE web server automatically.

      For UNIX systems, select the Sun ONE Web server and enter the full path to the root directory of the server, for example, usr/sunone/servers.

    2. Click Next.
    3. Select the instance of the Sun ONE Web server on which the SAML Affiliate Agent will run.
    4. Click Next.
  9. If prompted, specify the location of the JRE by accepting the default location or by using the Browse button to select a different location.

    Note: For the supported JRE version, search the SiteMinder Platform Matrix on the Technical Support site.

  10. Respond to the following configuration prompts then click Next:

    Important! When prompted to enter a root URL, enter it in the form http://address.domain.com:port—do not enter any additional text.

    When you specify a value for a root URL, the installation script appends additional information to it in the AffiliateConfig.xml file. For example, if you enter https://interceptor.domain.com:90 for the SSL Interceptor Root URL, the script appends /smafa/amts/test1.htm to it.

    Affiliate Cookie Domain

    Enter the domain for the local server where the SAML Affiliate Agent is installed, such as .partner.com.

    SSL Interceptor Root URL

    Enter the URL at the consumer site where the producer redirects users during consumer requests. The URL points to the secure web server at the consumer where the SAML Affiliate Agent is installed. We recommend that you use an SSL connection, and begin the URL with https://, such as

    https://affiliatesslserver.partner.com:90

    The SSLInterceptorURL enables the SAML Affiliate Agent to obtain the SAML artifact. The artifact identifies the SAML assertion stored at the producer. The assertion contains user profile and session information. After the Affiliate Agent gets the artifact, it calls the producer over the SSL back channel to retrieve the assertion.

    Federation Web Services Root URL

    Enter the URL for the web server at the producer where the Web Agent Option Pack is installed. The URL must be a secure URL that begins in the form https://, such as

    https://myproducer.ca.com:81

  11. In the Passwords dialog, complete the following:
    1. Enter the Shared Secret twice. The SAML Affiliate Agent uses this secret to encrypt consumer cookies.

      This secret is used locally to encrypt consumer cookies. You do not have to specify a corresponding secret at the Policy Server.

    2. Enter the Affiliate Password twice. The SAML Affiliate Agent uses the password to communicate with the Policy Server at the producer site. The password must match the password for a consumer defined in the Policy Server User Interface.

      Note: For information about configuring a consumer, see the Federation Security Services Guide.

  12. Optionally, respond to the prompt about optional UNIX configuration. If you are using the Bourne shell, include the nete-af-env.sh environment variable in the .profile file.
  13. In the Pre-Installation Summary dialog, confirm the configuration settings then select Install.

    The setup program copies files to the specified location. Afterward, the Setup Complete dialog is displayed.

  14. In the Installation Complete dialog, click Finish.
  15. Restart the web server.