updateDomainSamlConfig

Enables or disables Secure Assertion Markup Language (SAML) authentication for Informatica web applications in an Informatica domain. You can also use the command to update the identity provider URL and to specify the allowed time difference between the identity provider host system clock and the system clock on the master gateway node.
Run the command on each gateway node within the Informatica domain. Shut down the domain before you run the command.
The infasetup updateDomainSamlConfig command uses the following syntax:
updateDomainSamlConfig
[<-EnableSaml|-saml> enable_saml]
[<-IdpUrl|-iu> idp_url]
[<-ServiceProviderId|-spid> service_provider_id]
[<-ClockSkewTolerance|-cst> clock_skew_tolerance_in_seconds]
[<-SamlAssertionSigned|-sas> sign_saml_assertion]
[<-AssertionSigningCertificateAlias|-asca> idp_assertion_signing_certificate_alias]
[<-AuthnContextComparsion|-acc> saml_requested_authn_context_comparsion_type]
[<-AuthnContextClassRef|-accr> saml_requested_authn_context_class_reference]
[<-SignSamlRequest|-ssr> sign_saml_request]
[<-RequestSigningPrivateKeyAlias|-rspa> saml_request_signing_private_key_alias]
[<-RequestSigningPrivateKeyPassword|-rspp> saml_request_signing_private_key_password]
[<-RequestSigningAlgorithm|-rsa> saml_request_signing_algorithm]
[<-SamlResponseSigned|-srs> saml_response_signed]
[<-ResponseSigningCertificateAlias|-rsca> idp_response_signing_certificate_alias]
[<-SamlAssertionEncrypted|-sae> saml_assertion_encrypted]
[<-EncryptedAssertionPrivateKeyAlias|-eapa> saml_encrypt_assertion_private_key_alias]
[<-EncryptedAssertionPrivateKeyPassword|-eapp> saml_encrypt_assertion_private_key_password]
The following table describes the infasetup updateDomainSamlConfig options and arguments:
Option
Description
-EnableSaml
-saml
Optional. Enables or disables SAML authentication in the Informatica domain.
Set this value to true to enable SAML authentication in the Informatica domain.
Default is false.
-IdpUrl
-iu
Required if the -saml option is true. Specify the identity provider URL for the domain. You must specify the complete URL string.
-ServiceProviderId
-spid
Optional. The relying party trust name or the service provider identifier for the domain as defined in the identity provider.
If you specified "Informatica" as the relying party trust name in AD FS, you do not need to specify a value.
-ClockSkewTolerance
-cst
Optional. The allowed time difference between the identity provider host system clock and the system clock on the master gateway node.
The lifetime of SAML tokens issued by the identity provider is set according to the identity provider host system clock. A SAML token issued by the identity provider is considered valid if the start time or end time set in the token is within the specified number of seconds of the system clock on the master gateway node.
Values must be from 0 to 600 seconds. Default is 120 seconds.
-SamlAssertionSigned
-sas
Optional. Set to TRUE to enable assertion signing by the identity provider. Default is FALSE.
-AssertionSigningCertificateAlias
-asca
Required if SamlAssertionSigned is set to TRUE. The alias name specified when importing the identity provider assertion signing certificate into the truststore file used for SAML authentication.
-AuthnContextComparsion
-acc
Specifies the comparison method used to evaluate the requested authorization statement. One of the following:
  • MINIMUM. The authentication context in the authentication statement must be the exact match of at least one of the authentication contexts specified.
  • MAXIMUM. The authentication context in the authentication statement must be at least as strong (as deemed by the responder) as one of the authentication contexts specified.
  • BETTER. The authentication context in the authentication statement must be stronger (as deemed by the responder) than any one of the authentication contexts specified.
  • EXACT. The authentication context in the authentication statement must be as strong as possible (as deemed by the responder) without exceeding the strength of at least one of the authentication contexts specified.
Default is EXACT.
-AuthnContextClassRef
-accr
The authentication context class. One of the following:
  • PASSWORD
  • PASSWORDPROTECTEDTRANSPORT
-SignSamlRequest
-ssr
Set to true to enable request signing.
Default is false.
-RequestSigningPrivateKeyAlias
-rspa
Required if you enable request signing. Alias name of the private key that Informatica uses to sign the request. This private key resides in the keystore on the gateway node. The corresponding public key (usually a certificate) should be imported into the identity provider.
-RequestSigningPrivateKeyPassword
-rspp
Plaintext password of the private key that Informatica uses to sign the request.
Default is the password of the private key present in the keystore file <Informatica home>\services\shared\security\infa_keystore.jks with the alias "Informatica LLC".
-RequestSigningAlgorithm
-rsa
Required if you enable request signing. Algorithm used to sign the request. One of the following:
  • RSA_SHA256
  • DSA_SHA1
  • DSA_SHA256
  • RSA_SHA1
  • RSA_SHA224
  • RSA_SHA384
  • RSA_SHA512
  • ECDSA_SHA1
  • ECDSA_SHA224
  • ECDSA_SHA256
  • ECDSA_SHA384
  • ECDSA_SHA512
  • RIPEMD160
  • RSA_MD5
-SamlResponseSigned
-srs
Set to true to specify that the IDP signs the SAML response.
Note: When set to TRUE, requires the IDP administrator to configure the identity provider to sign the response.
Default is false.
-ResponseSigningCertificateAlias
-rsca
Required if you enable response signing. Alias name of the certificate in the gateway node SAML truststore that is used to verify the signature.
-SamlAssertionEncrypted
-sae
Set to true to specify that the IDP encrypts the assertion.
Note: When set to TRUE, requires the IDP administrator to configure the identity provider to encrypt the assertion.
Default is false.
-EncryptedAssertionPrivateKeyAlias
-eapa
Alias name of the private key present in the gateway node SAML keystore. The private key is used for encrypting the assertion. The IDP administrator must import the corresponding public key (usually a certificate).
-EncryptedAssertionPrivateKeyPassword
-eapp
Plaintext password of the private key.
Default is the password of the private key present in the keystore file <Informatica home>\services\shared\security\infa_keystore.jks with the alias "Informatica LLC".
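Because the domain must be shut down before this command runs, it pays to catch option mistakes beforehand. The following POSIX shell script is an added example, not Informatica's own code: it encodes the option constraints from the table above (the -saml/-iu, -sas/-asca, -ssr/-rspa/-rsa, -srs/-rsca and -sae/-eapa pairings, the 0 to 600 second clock skew range, and the documented signing algorithm list), then prints the command line it would run without executing infasetup. The INFA_HOME directory, the infasetup.sh path, the SAML_* variable names, the sample identity provider values, and the rejection of MD5 and SHA-1 based algorithms are all assumptions of this example rather than anything the reference page specifies.

```shell
#!/bin/sh
# Pre-flight validation for infasetup updateDomainSamlConfig options.
# Added example, not Informatica's own code. It checks the documented
# option constraints and prints the command line it would run; it never
# executes infasetup. INFA_HOME, the infasetup.sh path, the SAML_*
# variable names and the sample values below are assumptions.

INFA_HOME="${INFA_HOME:-/opt/informatica}"   # assumed install directory

# Values accepted by -RequestSigningAlgorithm, copied from the table above.
SAML_ALGORITHMS="RSA_SHA256 DSA_SHA1 DSA_SHA256 RSA_SHA1 RSA_SHA224 RSA_SHA384 RSA_SHA512 ECDSA_SHA1 ECDSA_SHA224 ECDSA_SHA256 ECDSA_SHA384 ECDSA_SHA512 RIPEMD160 RSA_MD5"

# check_signing_algorithm ALG
# Returns 0 when ALG is in the documented list and is not MD5 or SHA-1
# based (this wrapper's own policy: both digests are deprecated for
# XML signatures), 1 otherwise.
check_signing_algorithm() {
  alg=$1
  for a in $SAML_ALGORITHMS; do
    if [ "$a" = "$alg" ]; then
      case "$alg" in
        *MD5|*SHA1) return 1 ;;
        *) return 0 ;;
      esac
    fi
  done
  return 1
}

# validate_saml_config
# Reads the SAML_* variables and returns 0 when they satisfy the
# constraints documented for the command, 1 otherwise (reason on stderr).
validate_saml_config() {
  # -IdpUrl is required, as a complete URL, whenever SAML is enabled.
  if [ "$SAML_ENABLE" = "true" ]; then
    case "$SAML_IDP_URL" in
      http://*|https://*) ;;
      *) echo "-iu must be a complete identity provider URL when -saml is true" >&2; return 1 ;;
    esac
  fi
  # -ClockSkewTolerance must be an integer from 0 to 600 seconds (default 120).
  case "${SAML_CST:-120}" in
    ''|*[!0-9]*) echo "-cst must be a whole number of seconds" >&2; return 1 ;;
  esac
  if [ "${SAML_CST:-120}" -gt 600 ]; then
    echo "-cst must be between 0 and 600 seconds" >&2; return 1
  fi
  # Each signing or encryption switch needs its matching alias (and algorithm).
  if [ "$SAML_SAS" = "true" ] && [ -z "$SAML_ASCA" ]; then
    echo "-asca is required when -sas is true" >&2; return 1
  fi
  if [ "$SAML_SSR" = "true" ]; then
    if [ -z "$SAML_RSPA" ]; then
      echo "-rspa is required when -ssr is true" >&2; return 1
    fi
    if ! check_signing_algorithm "$SAML_RSA"; then
      echo "-rsa must be a documented algorithm (MD5/SHA-1 variants rejected) when -ssr is true" >&2; return 1
    fi
  fi
  if [ "$SAML_SRS" = "true" ] && [ -z "$SAML_RSCA" ]; then
    echo "-rsca is required when -srs is true" >&2; return 1
  fi
  if [ "$SAML_SAE" = "true" ] && [ -z "$SAML_EAPA" ]; then
    echo "-eapa is required when -sae is true" >&2; return 1
  fi
  return 0
}

# build_saml_command
# Prints the infasetup command line for the current SAML_* variables,
# omitting optional flags that are unset. The private key passwords
# (-rspp, -eapp) are deliberately never placed on the command line, where
# they would be visible in process listings and shell history; the
# documented default (the keystore's own private key password) applies.
build_saml_command() {
  set -- "$INFA_HOME/isp/bin/infasetup.sh" updateDomainSamlConfig -saml "${SAML_ENABLE:-false}"
  [ -n "$SAML_IDP_URL" ] && set -- "$@" -iu "$SAML_IDP_URL"
  [ -n "$SAML_SPID" ]    && set -- "$@" -spid "$SAML_SPID"
  [ -n "$SAML_CST" ]     && set -- "$@" -cst "$SAML_CST"
  [ -n "$SAML_SAS" ]     && set -- "$@" -sas "$SAML_SAS"
  [ -n "$SAML_ASCA" ]    && set -- "$@" -asca "$SAML_ASCA"
  [ -n "$SAML_SSR" ]     && set -- "$@" -ssr "$SAML_SSR"
  [ -n "$SAML_RSPA" ]    && set -- "$@" -rspa "$SAML_RSPA"
  [ -n "$SAML_RSA" ]     && set -- "$@" -rsa "$SAML_RSA"
  [ -n "$SAML_SRS" ]     && set -- "$@" -srs "$SAML_SRS"
  [ -n "$SAML_RSCA" ]    && set -- "$@" -rsca "$SAML_RSCA"
  [ -n "$SAML_SAE" ]     && set -- "$@" -sae "$SAML_SAE"
  [ -n "$SAML_EAPA" ]    && set -- "$@" -eapa "$SAML_EAPA"
  printf '%s\n' "$*"
}

# Constructed sample: signed requests and signed assertions against an
# assumed AD FS endpoint. Adjust to your own aliases and URL.
SAML_ENABLE=true
SAML_IDP_URL="https://idp.example.com/adfs/ls/"
SAML_CST=120
SAML_SAS=true
SAML_ASCA=idp_signing_cert
SAML_SSR=true
SAML_RSPA=infa_saml_key
SAML_RSA=RSA_SHA256
if validate_saml_config; then
  build_saml_command
fi
```

Run the script on a gateway node before shutting the domain down; if it prints a command line, copy that line into the real infasetup invocation. Aliases named here must already exist in the gateway node's SAML truststore and keystore, and the identity provider administrator still has to configure the matching signing and encryption settings on the IdP side.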