Security Guide

Import the Certificate into the Truststore Used for SAML Authentication

Import the assertion signing certificate used by the identity provider into the truststore file used for SAML authentication on every gateway node within the Informatica domain.
You can import the certificate into the default Informatica truststore file, or into a custom truststore file.

Guidelines for Using Default and Custom Truststore Files

The installer places the default infa_truststore.jks and keystore files in the
<Informatica installation directory>/services/shared/security
directory on each node. You can use the default truststore for setup and proof-of-concept, but the default truststore and keystore files provide limited security. For production, Informatica recommends using custom truststore and keystore files for more secure communication and SAML authentication.
Place custom truststore and keystore files in a custom directory. The truststore file name must be infa_truststore.jks.
Do not overwrite, delete, or move the default truststore and keystore files. Do not place custom truststore and keystore files in the
<Informatica installation directory>/services/shared/security
directory.
When you create an alias for new certificates and private keys, do not use the default "Informatica LLC" name, which is used by the default truststore and keystore files.

Guidelines for Creating Certificates and Custom Truststore and Keystore Files

You can use the Java keytool key and certificate management utility to create an SSL certificate or a certificate signing request (CSR) as well as keystores and truststores in JKS format.
The keytool is available in the following directory on domain nodes:
<Informatica installation directory>\java\bin
If the domain nodes run on AIX, you can use the keytool provided with the IBM JDK to create an SSL certificate or a Certificate Signing Request (CSR) as well as keystores and truststores.
  1. Copy the certificate files to a local folder on a gateway node within the Informatica domain.
  2. From the command line, go to the location of the keytool utility on the node.
  3. Run the keytool utility to import the certificate.
  4. Restart the node.
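
The import steps above with the truststore guidelines checked first, as an added example (not Informatica's own script). It assumes a custom production truststore; INFA_HOME, TRUSTSTORE_PASS, the function names and the paths passed in are assumptions, and the keytool location follows the directory given above.

```shell
#!/bin/sh
# Added example: pre-flight checks from the guidelines, then the keytool import.
# INFA_HOME and TRUSTSTORE_PASS are assumed environment variables.
INFA_HOME="${INFA_HOME:-/opt/informatica}"        # assumed installation directory
DEFAULT_DIR="$INFA_HOME/services/shared/security" # holds the default files
KEYTOOL="$INFA_HOME/java/bin/keytool"

# Return 0 only if a custom truststore path and alias follow the guidelines.
check_import_target() {   # $1 = truststore path, $2 = certificate alias
    ts_dir=$(dirname "$1")
    ts_name=$(basename "$1")
    if [ "$ts_name" != "infa_truststore.jks" ]; then
        echo "truststore file name must be infa_truststore.jks" >&2
        return 1
    fi
    if [ "${ts_dir%/}" = "${DEFAULT_DIR%/}" ]; then
        echo "custom truststore must not be placed in $DEFAULT_DIR" >&2
        return 1
    fi
    if [ "$2" = "Informatica LLC" ]; then
        echo "alias 'Informatica LLC' is used by the default files" >&2
        return 1
    fi
    return 0
}

# Import the identity provider's assertion signing certificate.
import_idp_cert() {       # $1 = certificate file, $2 = truststore path, $3 = alias
    check_import_target "$2" "$3" || return 1
    [ -r "$1" ] || { echo "cannot read certificate file $1" >&2; return 1; }
    # Without -noprompt, keytool prints the certificate (including fingerprints)
    # and asks for confirmation, so the operator can compare the fingerprint
    # with the value obtained from the identity provider before trusting it.
    # -storepass:env keeps the password off the command line.
    "$KEYTOOL" -importcert -alias "$3" -file "$1" \
        -keystore "$2" -storepass:env TRUSTSTORE_PASS || return 1
    # Confirm the entry exists. Repeat on every gateway node, then restart it.
    "$KEYTOOL" -list -alias "$3" -keystore "$2" -storepass:env TRUSTSTORE_PASS
}

# Usage: script <certificate file> <truststore path> <alias>
if [ "$#" -eq 3 ]; then
    import_idp_cert "$@"
fi
```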
