Command Reference > infacmd mi Command Reference > updateSamlConfig
  

updateSamlConfig

Updates the Mass Ingestion Service SAML configuration. You can configure the identity provider URL, the service provider ID, clock skew tolerance, and the assertion signing certificate alias.
The infacmd mi updateSamlConfig command uses the following syntax:
updateSamlConfig

<-DomainName|-dn> domain_name

<-UserName|-un> user_name

<-Password|-pd> password

[<-SecurityDomain|-sdn> security_domain]

<-ServiceName|-sn> service_name

[<-idpUrl|-iu> identity_provider_url]

[<-ServiceProviderId|-spid> service_provider_id]

[<-ClockSkewTolerance|-cst> clock_skew_tolerance_in_seconds]

[<-AssertionSigningCertificateAlias|-asca> idp_assertion_signing_certificate_alias]
The following table describes the infacmd mi updateSamlConfig options and arguments:
Option
Argument
Description
-DomainName
-dn
domain_name
Required. Name of the Informatica domain. You can set the domain name with the -dn option or the environment variable INFA_DEFAULT_DOMAIN. If you set a domain name with both methods, the -dn option takes precedence.
-UserName
-un
user_name
Required if the domain uses Native or LDAP authentication. User name to connect to the domain. You can set the user name with the -un option or the environment variable INFA_DEFAULT_DOMAIN_USER. If you set a user name with both methods, the -un option takes precedence.
Optional if the domain uses Kerberos authentication. To run the command with single sign-on, do not set the user name. If you set the user name, the command runs without single sign-on.
-Password
-pd
password
Required if you specify the user name. Password for the user name. The password is case sensitive. You can set a password with the -pd option or the environment variable INFA_DEFAULT_DOMAIN_PASSWORD. If you set a password with both methods, the password set with the -pd option takes precedence.
-SecurityDomain
-sdn
security_domain
Optional. Name of the security domain to which the domain user belongs. You can set a security domain with the -sdn option or the environment variable INFA_DEFAULT_SECURITY_DOMAIN. If you set a security domain name with both methods, the -sdn option takes precedence. The security domain name is case sensitive.
Default is Native.
-ServiceName
-sn
service_name
Required. Name of the Mass Ingestion Service that manages the mass ingestion specification.
-idpUrl
-iu
identity_provider_url
Optional. Specify the identity provider URL for the domain. You must specify the complete URL string.
-ServiceProviderId
-spid
service_provider_id
Optional. The relying party trust name or the service provider identifier for the domain as defined in the identity provider.
If you specified "Informatica" as the relying party trust name in AD FS, you do not need to specify a value.
-ClockSkewTolerance
-cst
clock_skew_tolerance_in_seconds
Optional. The allowed time difference between the identity provider host system clock and the system clock on the master gateway node.
The lifetime of SAML tokens issued by the identity provider is set according to the identity provider host system clock. The lifetime is valid if the start time or end time set in the token is within the specified number seconds of the system clock on the master gateway node.
Values must be from 0 to 600 seconds. Default is 120 seconds.
-AssertionSigningCertificateAlias
-asca
idp_assertion_signing_certificate_alias
Optional. The alias name specified when importing the identity provider assertion signing certificate into the truststore file used for SAML authentication.
If you change the alias name, import the corresponding certificate into the truststore file on each gateway node, and then restart the node.