Table of Contents

Search

  1. Preface
  2. Part 1: Version 10.5.1
  3. Part 2: Versions 10.5 - 10.5.0.1
  4. Part 3: Versions 10.4.1 - 10.4.1.3
  5. Part 4: Versions 10.4 - 10.4.0.2
  6. Part 5: Versions 10.2.2 - 10.2.2 HotFix 1
  7. Part 6: Version 10.2.1
  8. Part 7: Version 10.2 - 10.2 HotFix 2

infasetup Commands

infasetup Commands

Effective in version 10.5, you can use infasetup commands to define or update the domain or domain nodes to set up or enhance SAML authentication for web applications.
Each of the following sections describes new options for infasetup commands:

defineDomain

The following table describes the new options for the infasetup defineDomain command:
Option
Description
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-AuthnContextComparsion
-acc
Specifies the comparison method used to evaluate the requested authorization statement. Set to MINIMUM, MAXIMUM, BETTER, or EXACT. Default is Exact.
-AuthnContextClassRef
-accr
The authentication context class. Set to PASSWORD or PASSWORDPROTECTEDTRANSPORT.
-SignSamlRequest
-ssr
Set to true to enable signed request.
Default is False
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable signed request. Alias name of the private key present in the node SAML keystore using which SAML request should be signed
-RequestSigningPrivateKeyPassword
-rspp
Required if you enable signed request. Password to access the private key used for signing the SAML request
-RequestSigningAlgorithm
-rsa
Required if you enable signed request. Algorithm used to sign the request. You can set to one of several different values, including RSA_SHA256, DSA_SHA1, and DSA_SHA256.
-SamlResponseSigned
-srs
Set to true to enable signed response.
Default is False.
-ResponseSigningCertificateAlias
-rsca
Required if you enable signed response. Alias name of the certificate present in the gateway node SAML truststore using which SAML response signature will be validated.
-SamlAssertionEncrypted
-sae
Required if you enable signed response. Set to true to enable encrypted assertion.
Default is False.
-EncyptedAssertionPrivateKeyAlias
-espa
Required if you enable encrypted assertion. Alias name of the private key present in the gateway node SAML keystore using which key used for encrypting the assertion will be decrypted.
-EncyptedAssertionPrivateKeyPassword
-espp
Required if you enable encrypted assertion. Password to access the private key used for decrypting the assertion encryption key

defineGatewayNode

The following table describes the new options for the infasetup defineGatewayNode command:
Option
Description
-SamlKeyStoreDir
-skd
Required if you use a custom keystore for SAML authentication. Path to the SAML keystore.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use defineGatewayNode to enable a custom keystore for SAML authentication, you must update them to include this option.

defineWorkerNode

The following table describes the new options for the infasetup defineWorkerNode command:
Option
Description
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set to true or false. Default is false.
-SamlTrustStoreDir
-std
Optional. The directory containing the custom truststore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
The default Informatica truststore is used if no truststore is specified.
-SamlTrustStorePassword
-stp
Required if you use a custom truststore for SAML authentication. The password for the custom truststore.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use defineWorkerNode to enable a custom keystore for SAML authentication, you must update them to include this option.

updateGatewayNode

The following table describes the new options for the infasetup updateGatewayNode command:
Option
Description
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.

updateWorkerNode

The following table describes the new options for the infasetup updateWorkerNode command:
Option
Description
-CipherWhiteList
-cwl
Optional. Comma-separated list of JSSE cipher suites that you want to add to the effective list.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherBlackList
-cbl
Optional. Comma-separated list of JSSE cipher suites that you want to remove from the effective list.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherWhiteListFile
-cwlf
Optional. Absolute file name of the plain text file that contains a comma-separated list of cipher suites that you want to add to the effective list.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherBlackListFile
-cblf
Optional. Absolute file name of the plain text file that contains a comma-separated list of cipher suites that you want to remove from the effective list.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set to true or false. Default is false.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use updateWorkerNode to enable a custom keystore for SAML authentication, you must update them to include this option.

updateDomainSamlConfig

The following table describes the new options for the infasetup updateDomainSamlConfig command:
Option
Description
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use updateDomainSamlConfig to enable a custom keystore for SAML authentication, you must update them to include this option.
-SignSamlRequest
-ssr
Set to true to enable request signing
Default is False.
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable signed request. Alias name of the private key that Informatica uses to sign the request. This private key resides in the keystore in the gateway node. The corresponding public key, usually a certificate, should be imported to the identity provider.
-RequestSigningPrivateKeyPassword
-rspp
Plaintext password of the private key that Informatica uses to sign the request.
Default is the password of private key present in the keystore file
<Informatica home>\services\shared\security\infa_keystore.jks
with the alias "Informatica LLC".
-RequestSigningAlgorithm
-rsa
Required if you enable signed request. Algorithm used to sign the request. You can set to one of several different values, including RSA_SHA256, DSA_SHA1, and DSA_SHA256.
-SamlResponseSigned
-srs
Set to true to specify whether the IDP signs the SAML response.
When set to TRUE, requires the IDP administrator to configure the identify provider to sign the response.
Default is False.
-ResponseSigningCertificateAlias
-rsca
Required if you enable signed response. Alias name of the certificate in the gateway node SAML truststore to use to verify the signature.
-SamlAssertionEncrypted
-sae
Set to true to specify that the IDP encrypts the assertion.
When set to TRUE, requires the IDP administrator to configure the identify provider to encrypt the assertion.
Default is False.
-EncyptedAssertionPrivateKeyAlias
-espa
Alias name of the private key present in the gateway node SAML keystore. The private key is used for encrypting the assertion. The IDP administrator must import the corresponding public key (usually a certificate).
-EncyptedAssertionPrivateKeyPassword
-espp
Plaintext password.
Default is the password of private key present in the keystore file
<Informatica home>\services\shared\security\infa_keystore.jks
with the alias "Informatica LLC".