Table of Contents

Search

  1. Preface
  2. Command Line Programs and Utilities
  3. Installing and Configuring Command Line Utilities
  4. Using the Command Line Programs
  5. Environment Variables for Command Line Programs
  6. Using infacmd
  7. infacmd as Command Reference
  8. infacmd aud Command Reference
  9. infacmd autotune Command Reference
  10. Infacmd bg Command Reference
  11. infacmd ccps Command Reference
  12. infacmd cluster Command Reference
  13. infacmd cms Command Reference
  14. infacmd dis Command Reference
  15. Infacmd dis Queries
  16. infacmd dp Command Reference
  17. infacmd idp Command Reference
  18. infacmd edp Command Reference
  19. Infacmd es Command Reference
  20. infacmd ics Command Reference
  21. infacmd ipc Command Reference
  22. infacmd isp Command Reference
  23. infacmd ldm Command Reference
  24. infacmd mas Command Reference
  25. infacmd mi Command Reference
  26. infacmd mrs Command Reference
  27. infacmd ms Command Reference
  28. infacmd oie Command Reference
  29. infacmd ps Command Reference
  30. infacmd pwx Command Reference
  31. infacmd roh Command Reference
  32. infacmd rms Command Reference
  33. infacmd rtm Command Reference
  34. infacmd sch Command Reference
  35. infacmd search Command Reference
  36. infacmd sql Command Reference
  37. infacmd tdm Command Reference
  38. infacmd tools Command Reference
  39. infacmd wfs Command Reference
  40. infacmd ws Command Reference
  41. infacmd xrf Command Reference
  42. infacmd Control Files
  43. infasetup Command Reference
  44. pmcmd Command Reference
  45. pmrep Command Reference
  46. Working with filemanager
  47. Working with pmrep Files

updateDomainSamlConfig

updateDomainSamlConfig

Enables or disables Secure Assertion Markup Language (SAML) authentication for Informatica web applications in an Informatica domain. You can also use the command to update the identity provider URL and specify allowed time difference between the identity provider host system clock and the system clock on the master gateway node.
Run the command on each gateway node within the Informatica domain. Shut down the domain before you run the command.
The infasetup updateDomainSamlConfig command uses the following syntax:
updateDomainSamlConfig [<-EnableSaml|-saml> enable_saml] [<-IdpUrl|-iu> idp_url] [<-ServiceProviderId|-spid> service_provider_id] [<-ClockSkewTolerance|-cst> clock_skew_tolerance_in_seconds] [<-SamlAssertionSigned|-sas> sign_saml_assertion] [<-AssertionSigningCertificateAlias|-asca> idp_assertion_signing_certificate_alias] [<-AuthnContextComparsion|-acc> saml_requested_authn_context_comparsion_type] [<-AuthnContextClassRef|-accr> saml_requested_authn_context_class_reference] [<-SignSamlRequest|-ssr> sign_saml_request] [<-RequestSigningPrivateKeyAlias|-rspa> saml_request_signing_private_key_alias] [<-RequestSigningPrivateKeyPassword|-rspp> saml_request_signing_private_key_password] [<-RequestSigningAlgorithm|-rsa> saml_request_signing_algorithm] [<-SamlResponseSigned|-srs> saml_response_signed] [<-ResponseSigningCertificateAlias|-rsca> idp_response_signing_certificate_alias] [<-SamlAssertionEncrypted|-sae> saml_assertion_encrypted] [<-EncryptedAssertionPrivateKeyAlias|-eapa> saml_encrypt_assertion_private_key_alias] [<-EncryptedAssertionPrivateKeyPassword|-eapp> saml_encrypt_assertion_private_key_password]
The following table describes the infasetup updateDomainSamlConfig options and arguments:
Option
Description
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set this value to true to enable SAML authentication in the Informatica domain.
Default is false.
-idpUrl
-iu
Required if the -saml option is true. Specify the identity provider URL for the domain. You must specify the complete URL string.
-ServiceProviderId
-spid
Optional. The relying party trust name or the service provider identifier for the domain as defined in the identity provider.
If you specified "Informatica" as the relying party trust name in AD FS, you do not need to specify a value.
-ClockSkewTolerance
-cst
Optional. The allowed time difference between the identity provider host system clock and the system clock on the master gateway node.
The lifetime of SAML tokens issued by the identity provider by is set according to the identity provider host system clock. The lifetime of a SAML token issued by the identity provider is valid if the start time or end time set in the token is within the specified number seconds of the system clock on the master gateway node.
Values must be from 0 to 600 seconds. Default is 120 seconds.
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-AssertionSigningCertificateAlias
-asca
Required if SamlAssertionSigned is set to TRUE. The alias name specified when importing the identity provider assertion signing certificate into the truststore file used for SAML authentication.
-AuthnContextComparsion
-acc
Specifies the comparison method used to evaluate the requested authorization statement. One of the following:
  • MINIMUM. The authentication context in the authentication statement must be the exact match of at least one of the authentication contexts specified.
  • MAXIMUM. The authentication context in the authentication statement must be at least as strong (as deemed by the responder) as one of the authentication contexts specified.
  • BETTER. The authentication context in the authentication statement must be stronger (as deemed by the responder) than any one of the authentication contexts specified.
  • EXACT. The authentication context in the authentication statement must be as strong as possible (as deemed by the responder) without exceeding the strength of at least one of the authentication contexts specified
Default is Exact.
-AuthnContextClassRef
-accr
The authentication context class. One of the following:
  • PASSWORD
  • PASSWORDPROTECTEDTRANSPORT
-SignSamlRequest
-ssr
Set to true to enable request signing
Default is False.
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable signed request. Alias name of the private key that Informatica uses to sign the request. This private key resides in the keystore in the gateway node. The corresponding public key (usually a certificate) should be imported to the identity provider.
-RequestSigningPrivateKeyPassword
-rspp
Plaintext password of the private key that Informatica uses to sign the request.
Default is the password of private key present in the keystore file
<Informatica home>\services\shared\security\infa_keystore.jks
with the alias "Informatica LLC".
-RequestSigningAlgorithm
-rsa
Required if you enable signed request. Algorithm used to sign the request. One of the following:
  • RSA_SHA256
  • DSA_SHA1
  • DSA_SHA256
  • RSA_SHA1
  • RSA_SHA224
  • RSA_SHA384
  • RSA_SHA512
  • ECDSA_SHA1
  • ECDSA_SHA224
  • ECDSA_SHA256
  • ECDSA_SHA384
  • ECDSA_SHA512
  • RIPEMD160
  • RSA_MD5
-SamlResponseSigned
-srs
Set to true to specify whether the IDP signs the SAML response.
When set to TRUE, requires the IDP administrator to configure the identify provider to sign the response.
Default is False.
-ResponseSigningCertificateAlias
-rsca
Required if you enable signed response. Alias name of the certificate in the gateway node SAML truststore to use to verify the signature.
-SamlAssertionEncrypted
-sae
Set to true to specify that the IDP encrypts the assertion.
When set to TRUE, requires the IDP administrator to configure the identify provider to encrypt the assertion.
Default is False.
-EncyptedAssertionPrivateKeyAlias
-espa
Alias name of the private key present in the gateway node SAML keystore. The private key is used for encrypting the assertion. The IDP administrator must import the corresponding public key (usually a certificate).
-EncyptedAssertionPrivateKeyPassword
-espp
Plaintext password.
Default is the password of private key present in the keystore file
<Informatica home>\services\shared\security\infa_keystore.jks
with the alias "Informatica LLC".