Agent Guides › SAML Affiliate Agent Guide › Configure a SAML Affiliate Agent › Modify the SAML Affiliate Agent Configuration › Run the Configuration Wizard

Run the Configuration Wizard

The installation instructions that follow reflect the GUI mode prompts. For UNIX systems, you can install the Option Pack by using console mode by executing the Option Pack binary file with the -i console command argument. The command line installation prompts are similar to the GUI mode prompts.

Note the following:

• Running the Configuration Wizard using the Exceed application may cause text in the dialog boxes to be truncated because of unavailable fonts. This limitation has no affect on Agent installation and configuration.
• If you want to run the Configuration Wizard on a UNIX system via telnet or other terminal emulation software, you must have an X-Windows session running in the background.

  Additionally, you need to set the DISPLAY variable to your terminal, as follows:

  DISPLAY=111.11.1.12:0.0

  export DISPLAY

  If you try to run in GUI mode on a UNIX system via a telnet window without an X-Windows session, the installer throws an Java exception and exits.

  If you prefer, you can run the Wizard from the command-line in a console window.

• The variable saml_affiliate_agent_home refers to the installed location of the SAML Affiliate Agent.

To run the Configuration Wizard

1. Go to saml_affiliate_agent_home/config.
2. Do one of the following to start the Wizard:
   • For Windows: double-click affl_config.exe.
   • For UNIX: enter the following in a console window:

     ./affl_config.bin

3. Review the information in the Introduction dialog box and click Next.
4. In the Web Server dialog box, select one Web Server that you want to customize, then click Next.
5. Modify the entries in the URL Information dialog box, but note the following about adding entries:

   When prompted to enter a root URL, use the following syntax:

   http://address.domain.com:port or https://address.domain.com:port

   Do not enter any additional text.

   When you specify a value for a root URL, the installation script appends additional information to it in the AffiliateConfig.xml file. For example, if you enter https://interceptor.domain.com:90 for the Federation Web Services Root URL, the script enters https://interceptor.domain.com:90/smafa/amts/test1.htm in the AffiliateConfig.xml file.

   The entries are as follows:

   Affiliate Cookie Domain

   Enter the domain for the local server where the SAML Affiliate Agent is installed, such as .mydomain.com.

   SSL Interceptor Root URL

   Enter the URL at the consumer site where the producer redirects users during consumer requests. This is a URL to the consumer’s secure Web server where the SAML Affiliate Agent is installed. We recommend that you use an SSL connection and that the URL begin with https://, such as https://mysslserver.example.com:90

   The SSLInterceptorURL enables the SAML Affiliate Agent to obtain the SAML artifact, which identifies the SAML assertion stored at the producer. The assertion contains user profile and session information. After the Agent gets the artifact, it makes a call on the SSL back channel to the producer to retrieve the actual assertion.

   For all web servers, you must add the HTTPSPorts attribute to the AffiliateConfig.xml file and specify the same port number as you specify for the SSLInterceptorURL attribute. The HTTPSPorts attribute must be added to the GlobalInfo tag in the AffiliateConfig.xml file.

   Important! The SAML Affiliate Agent is not compatible with the FIPS 140-2 encryption standards.

   Federation Web Services Root URL

   Enter the URL to the Web server at the producer where the Web Agent and Web Agent Option Pack are installed. This must be a secure URL that begins in the form https://, such as https://myserver.ca.com:81

6. Modify the entries in the Passwords dialog box:
   1. Enter the Shared Secret twice. This is the secret that the SAML Affiliate Agent uses to encrypt consumer cookies. Confirm the secret by re-entering it.
   2. Enter the Affiliate Password twice. This is the password that the SAML Affiliate Agent uses to communicate with the Policy Server at the producer site. Confirm the password by re-entering it.

      This password must match the password for a consumer defined in the Policy Server User Interface. For more information about consumers, see the Federation Security Services Guide.

7. Review the information in the Configuration Summary dialog box, then click Install.
8. Upon completion, you will have a unique AffiliateConfig.xml file in one of the following locations:
   • IIS

     saml_affiliate_agent_home\bin\IIS

   • Sun Java System

     Windows: Sun_Java_System_home\https-hostname\config

     UNIX: Sun_Java_System_home/https-hostname/config

   • Apache

     Windows: Apache_home\conf

     UNIX: Apache_home/conf

   These locations apply only after running the Configuration Wizard. When you first install the Agent, the file’s default location is saml_affiliate_agent_home\config (Windows) or saml_affiliate_agent_home/config (UNIX).

9. Re-run the Configuration Wizard for each configuration you want to modify.