Set Up the SAML Affiliate Agent

To set up the SAML Affiliate Agent

  1. Install a Web server and configure it to accept HTTPS and HTTP connections.
  2. Install the SAML Affiliate Agent.
  3. Modify the AffiliateConfig.xml file, in saml_affiliate_agent_home/config, as follows:
    1. Set the Enabled attribute to yes to enable the Agent.
    2. Specify the protected resources using the AffiliateResource attribute.
    3. You may also want to modify the following settings:
      • AffiliateName
      • AffiliatePassword (you provide this at installation time)
      • AssertionIssuer
      • CookieDomain
      • NoAccessURL
  4. (Optional) If you are using a root certificate authority (CA) for SSL connections between the producer and the consumer, and this CA is not listed in the AM.keystore file, you need to add it. Use the Java keytool utility included with the JDK.

    Important! The SAML Affiliate Agent is not compatible with the FIPS 140-2 encryption standards.

    The SAML Affiliate Agent can ensure that the producer communicating with the consumer can present a certificate that has been verified by a trusted CA.

    Note: For information about using keytool, go to Sun Microsystems.

  5. Test your system.

    Try accessing a protected resource on both the HTTP and HTTPS ports; you should be challenged. If you are not, check the SAML Affiliate Agent logs to troubleshoot the problem.
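
For step 4, the following is an added example, not code from the product documentation: a shell wrapper around keytool that imports a root CA into AM.keystore only after its SHA-256 fingerprint matches a value obtained out of band, and skips the import if the keystore already holds it. The keystore path, alias, certificate file name and the KS_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: pin-then-import of a root CA into the agent keystore.
# Assumed names: KS_PASS (env var holding the keystore password), and the
# keystore path, alias and certificate file passed as arguments.
# Reading the password with -storepass:env keeps it out of the process list.

# Print the SHA-256 fingerprint keytool reports for a certificate file
# (uppercase hex pairs separated by colons).
cert_sha256() {
    keytool -printcert -file "$1" |
        sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1
}

# Succeed if keystore $1 already contains a certificate with fingerprint $2.
keystore_trusts() {
    [ -f "$1" ] || return 1
    keytool -list -v -keystore "$1" -storepass:env KS_PASS |
        grep -F "$2" >/dev/null
}

# $1=keystore  $2=alias  $3=certificate file  $4=expected SHA-256 fingerprint
import_root_ca() {
    fp=$(cert_sha256 "$3")
    # -noprompt suppresses keytool's interactive "Trust this certificate?"
    # question, so the fingerprint is checked here instead.
    if [ -z "$fp" ] || [ "$fp" != "$4" ]; then
        echo "refusing import: fingerprint of $3 is '$fp'" >&2
        return 2
    fi
    if keystore_trusts "$1" "$fp"; then
        echo "already trusted"
        return 0
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$2" -file "$3" \
        -keystore "$1" -storepass:env KS_PASS
}

# Usage (placeholders): KS_PASS=... sh import_ca.sh \
#   /path/to/AM.keystore rootca rootca.pem "AB:CD:...expected fingerprint..."
if [ "$#" -eq 4 ]; then
    import_root_ca "$@"
fi
```

Afterwards, `keytool -list -v -keystore` on the same keystore shows the new alias and its fingerprint for comparison against the value the CA published.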