Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Informatica Data Quality 10.5.6.1
  • All Products

Table of Contents

Search

  1. Preface
  2. Part 1: Version 10.5.6 - Version 10.5.6.x
  3. Part 2: Version 10.5.5 - 10.5.5.x
  4. Part 3: Version 10.5.4 - 10.5.4.x
  5. Part 4: Version 10.5.3 - 10.5.3.x
  6. Part 5: Version 10.5.2 - 10.5.2.1.x
  7. Part 6: Version 10.5.1 - 10.5.1.1
  8. Part 7: Versions 10.5 - 10.5.0.1
  9. Part 8: Versions 10.4.1 - 10.4.1.3
  10. Part 9: Versions 10.4 - 10.4.0.2
  11. Part 10: Versions 10.2.2 - 10.2.2 HotFix 1
  12. Part 11: Version 10.2.1
  13. Part 12: Version 10.2 - 10.2 HotFix 2

What's New and Changed (10.5.6.1)

What's New and Changed (10.5.6.1)

Back Next

infasetup Commands

infasetup Commands

Effective in version 10.5, you can use infasetup commands to define or update the domain or domain nodes to set up or enhance SAML authentication for web applications.
Each of the following sections describes new options for infasetup commands:

defineDomain

The following table describes the new options for the infasetup defineDomain command:
Option
Description
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-AuthnContextComparsion
-acc
Specifies the comparison method used to evaluate the requested authorization statement. Set to MINIMUM, MAXIMUM, BETTER, or EXACT. Default is Exact.
-AuthnContextClassRef
-accr
The authentication context class. Set to PASSWORD or PASSWORDPROTECTEDTRANSPORT.
-SignSamlRequest
-ssr
Set to true to enable signed request.
Default is False
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable signed request. Alias name of the private key present in the node SAML keystore using which SAML request should be signed
-RequestSigningPrivateKeyPassword
-rspp
Required if you enable signed request. Password to access the private key used for signing the SAML request
-RequestSigningAlgorithm
-rsa
Required if you enable signed request. Algorithm used to sign the request. You can set to one of several different values, including RSA_SHA256, DSA_SHA1, and DSA_SHA256.
-SamlResponseSigned
-srs
Set to true to enable signed response.
Default is False.
-ResponseSigningCertificateAlias
-rsca
Required if you enable signed response. Alias name of the certificate present in the gateway node SAML truststore using which SAML response signature will be validated.
-SamlAssertionEncrypted
-sae
Required if you enable signed response. Set to true to enable encrypted assertion.
Default is False.
-EncyptedAssertionPrivateKeyAlias
-espa
Required if you enable encrypted assertion. Alias name of the private key present in the gateway node SAML keystore using which key used for encrypting the assertion will be decrypted.
-EncyptedAssertionPrivateKeyPassword
-espp
Required if you enable encrypted assertion. Password to access the private key used for decrypting the assertion encryption key

defineGatewayNode

The following table describes the new options for the infasetup defineGatewayNode command:
Option
Description
-SamlKeyStoreDir
-skd
Required if you use a custom keystore for SAML authentication. Path to the SAML keystore.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use defineGatewayNode to enable a custom keystore for SAML authentication, you must update them to include this option.

defineWorkerNode

The following table describes the new options for the infasetup defineWorkerNode command:
Option
Description
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set to true or false. Default is false.
-SamlTrustStoreDir
-std
Optional. The directory containing the custom truststore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
The default Informatica truststore is used if no truststore is specified.
-SamlTrustStorePassword
-stp
Required if you use a custom truststore for SAML authentication. The password for the custom truststore.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use defineWorkerNode to enable a custom keystore for SAML authentication, you must update them to include this option.

updateGatewayNode

The following table describes the new options for the infasetup updateGatewayNode command:
Option
Description
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.

updateWorkerNode

The following table describes the new options for the infasetup updateWorkerNode command:
Option
Description
-CipherWhiteList
-cwl
Optional. Comma-separated list of JSSE cipher suites that you want to add to the effective list.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherBlackList
-cbl
Optional. Comma-separated list of JSSE cipher suites that you want to remove from the effective list.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherWhiteListFile
-cwlf
Optional. Absolute file name of the plain text file that contains a comma-separated list of cipher suites that you want to add to the effective list.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-CipherBlackListFile
-cblf
Optional. Absolute file name of the plain text file that contains a comma-separated list of cipher suites that you want to remove from the effective list.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set to true or false. Default is false.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use updateWorkerNode to enable a custom keystore for SAML authentication, you must update them to include this option.

updateDomainSamlConfig

The following table describes the new options for the infasetup updateDomainSamlConfig command:
Option
Description
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-SamlKeyStoreDir
-skd
Optional. The directory containing the custom keystore file required to use SAML authentication on the gateway node. Specify the directory only, not the full path to the file.
-SamlKeyStorePassword
-skp
Required if you use a custom keystore for SAML authentication. Password to the SAML keystore.
If you currently run scripts that use updateDomainSamlConfig to enable a custom keystore for SAML authentication, you must update them to include this option.
-SignSamlRequest
-ssr
Set to true to enable request signing
Default is False.
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable signed request. Alias name of the private key that Informatica uses to sign the request. This private key resides in the keystore in the gateway node. The corresponding public key, usually a certificate, should be imported to the identity provider.
-RequestSigningPrivateKeyPassword
-rspp
Plaintext password of the private key that Informatica uses to sign the request.
Default is the password of private key present in the keystore file
<Informatica home>\services\shared\security\infa_keystore.jks
 with the alias "Informatica LLC".
-RequestSigningAlgorithm
-rsa
Required if you enable signed request. Algorithm used to sign the request. You can set to one of several different values, including RSA_SHA256, DSA_SHA1, and DSA_SHA256.
-SamlResponseSigned
-srs
Set to true to specify whether the IDP signs the SAML response.
When set to TRUE, requires the IDP administrator to configure the identify provider to sign the response.
Default is False.
-ResponseSigningCertificateAlias
-rsca
Required if you enable signed response. Alias name of the certificate in the gateway node SAML truststore to use to verify the signature.
-SamlAssertionEncrypted
-sae
Set to true to specify that the IDP encrypts the assertion.
When set to TRUE, requires the IDP administrator to configure the identify provider to encrypt the assertion.
Default is False.
-EncyptedAssertionPrivateKeyAlias
-espa
Alias name of the private key present in the gateway node SAML keystore. The private key is used for encrypting the assertion. The IDP administrator must import the corresponding public key (usually a certificate).
-EncyptedAssertionPrivateKeyPassword
-espp
Plaintext password.
Default is the password of private key present in the keystore file
<Informatica home>\services\shared\security\infa_keystore.jks
 with the alias "Informatica LLC".
0 COMMENTS
We’d like to hear from you!