Security Guide

infasetup DefineDomain Command Options

Use the infasetup defineDomain command to enable SAML authentication when you create a domain.
The following example shows the SAML options as the final six options at the command prompt:
infasetup defineDomain -cs "jdbc:informatica:oracle://host:1521;sid=xxxx" -dt oracle -dn TestDomain -ad test_admin -pd test_admin -ld $HOME/ISP/1011/source/logs -nn TestNode1 -na host1.company.com -saml true -iu https://server.company.com/adfs/ls/ -cst 240 -asca adfscert -std \custom\security\ -stp password -mi 10000 -ma 10200 -rf $HOME/ISP/BIN/nodeoptions.xml
The following table describes the SAML options and arguments:
| Option | Argument | Description |
|---|---|---|
| -EnableSaml, -saml | true\|false | Required. Set this value to true to enable SAML authentication for supported Informatica web applications within the Informatica domain. Set this value to false to disable SAML authentication for supported Informatica web applications within the Informatica domain. |
| -idpUrl, -iu | identity_provider_url | Required if the -saml option is true. Specify the identity provider URL for the domain. You must specify the complete URL string. |
| -ClockSkewTolerance, -cst | clock_skew_tolerance_in_seconds | Optional. The allowed time difference between the Active Directory Federation Services (AD FS) host system clock and the master gateway node's system clock. The lifetime of SAML tokens issued by AD FS is set according to the AD FS host system clock. The lifetime of a SAML token issued by AD FS is valid if the start time or end time set in the token is within the specified number of seconds of the master gateway node's system clock. Values must be from 0 to 600 seconds. Default is 120 seconds. |
| -AssertionSigningCertificateAlias, -asca | idp_assertion_signing_certificate_alias | Required if the -saml option is true. The alias name specified when importing the identity provider assertion signing certificate into the truststore file used for SAML authentication. |
| -SamlTrustStoreDir, -std | saml_truststore_directory | Optional. The directory containing the custom truststore file required to use SAML authentication on gateway nodes within the domain. Specify the directory only, not the full path to the file. SAML authentication uses the default Informatica truststore if no truststore is specified. |
| -SamlTrustStorePassword, -stp | saml_truststore_password | Required if you use a custom truststore. The password for the custom truststore file. |
See the Informatica Command Reference for instructions on using the infasetup defineDomain command.
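
The requirement rules in the table above can be checked before the command is run. The following pre-flight check is an added example, not part of the Informatica documentation or product: the hypothetical helpers check_saml_opts and saml_fail validate the SAML options of a planned infasetup defineDomain command line without invoking infasetup. Treating a "complete URL" as one that begins with http:// or https:// is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check of the SAML options before running
# infasetup defineDomain. check_saml_opts and saml_fail are hypothetical helpers.
saml_fail() { echo "saml-check: $*" >&2; saml_rc=1; }

check_saml_opts() {
    saml='' iu='' cst='' asca='' std='' stp='' saml_rc=0
    # Walk the arguments one at a time; non-SAML options are ignored.
    while [ $# -gt 0 ]; do
        case "$1" in
            -saml|-EnableSaml)                        saml=${2-} ;;
            -iu|-idpUrl)                              iu=${2-} ;;
            -cst|-ClockSkewTolerance)                 cst=${2-} ;;
            -asca|-AssertionSigningCertificateAlias)  asca=${2-} ;;
            -std|-SamlTrustStoreDir)                  std=${2-} ;;
            -stp|-SamlTrustStorePassword)             stp=${2-} ;;
        esac
        shift
    done
    case "$saml" in
        true)  ;;
        false) return 0 ;;  # SAML disabled: the other SAML options are not required
        *)     saml_fail "-saml is required and must be true or false"; return 1 ;;
    esac
    # Assumption: a "complete URL" starts with an http:// or https:// scheme.
    case "$iu" in
        http://?*|https://?*) ;;
        *) saml_fail "-iu must be the complete identity provider URL" ;;
    esac
    [ -n "$asca" ] || saml_fail "-asca is required when -saml is true"
    case "$cst" in
        '') ;;  # optional; the default of 120 seconds applies
        [0-9]|[0-9][0-9]|[0-9][0-9][0-9])
            [ "$cst" -le 600 ] || saml_fail "-cst must be from 0 to 600 seconds" ;;
        *)  saml_fail "-cst must be a whole number from 0 to 600" ;;
    esac
    if [ -n "$std" ]; then
        [ ! -f "$std" ] || saml_fail "-std must be the directory, not the truststore file"
        [ -n "$stp" ] || saml_fail "-stp is required with a custom truststore"
    fi
    return "$saml_rc"
}
```

Pass the function the same arguments planned for infasetup defineDomain; it returns 0 when the SAML options satisfy the table and prints each violated rule to standard error otherwise.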

Updated May 17, 2019

