Installing Liberty Identity Provider Software

To install a basic Liberty IDP infrastructure, complete the following procedures:


Installing Liberty Identity Provider Software

The Liberty IDP software should only be installed on compatible hardware (see Liberty Identity Provider Requirements). The installation is divided into four sections: an installation introduction, a pre-installation summary, the Liberty IDP installation, and a completion record. At any given point of the installation process, you can follow the progress of your installation by referring to the left-hand side of the install dialog. (See Figure 1.)

To install the Liberty IDP:

  1. At the Web download site, click the Web download link to automatically download the Liberty IDP executable.

  2. Run the executable.

    InstallAnywhere* will guide you through the installation process.

  3. After you have read the introductory screen, click Next.

    Figure 1
    Liberty Identity Provider Introduction

  4. If you accept the License Agreement, select the accept button, then click Next.

    Figure 2
    License Agreement

  5. The Liberty IDP created by the installation is configured to run in a non-SSL mode by default. This mode is sufficient for testing purposes only. You cannot use the non-SSL mode in a production environment. For information on how to convert to SSL mode, see Configuring Your Liberty Identity Provider to Run in SSL Mode.

    Click Next if you accept the SSL warning.

    Figure 3
    SSL Warning

  6. The Liberty IDP requires Novell iManager to be installed. Even if you already have iManager installed on your machine, click Next to proceed with the installation.

    Figure 4
    Install iManager

    The iManager installation is a wizard that consists of several screens that run on top of your Liberty IDP installation wizard. InstallAnywhere will guide you through the iManager installation.

    1. Select the language you want (English is the default), then click OK.

      Figure 5
      iManager Installation

    2. Read the Introduction screen, then click Next.

      Figure 6
      iManager Introduction

    3. Read the Detection Summary screen, which indicates the components that will be installed with iManager, then click Next.

      WARNING:  If the Web server, servlet container, and/or JVM show as already installed, you must quit the installation, remove the component(s), then begin the installation again. To be sure you have deleted all the files before reinstalling the Liberty IDP, see Uninstalling the Liberty Identity Provider Software.

      Figure 7
      Detection Summary

    4. Select the directory where iManager should be installed. The default is C:\Program Files\Novell.

      Figure 8
      Choose Install Folder

    5. Click Next.

    6. Review the Pre-Installation Summary. If you need to make changes, click Previous to return to the previous screens. Otherwise, click Install.

      Figure 9
      Pre-Installation Summary

      iManager is installed on your machine. (This installation might take a few minutes.)

    7. If the iManager installation is successful, you will get an Install Complete screen. Review this screen, then click Done.

      Figure 10
      Install Complete

      You are returned to the Liberty IDP installation.

      If iManager does not install successfully, see Troubleshooting Your Liberty IDP Installation and Configuration for tips on how to troubleshoot the installation.

  7. At the LDAP Configuration screen, enter the Admin Distinguished Name, Admin Password, LDAP Server Domain/IP Address, and LDAP Port, then select whether to Use Secure LDAP, that is, whether the connection to the LDAP server should be made over SSL (the default is No).

    You must enter the Admin Distinguished Name in eDirectory context. For example, cn=admin,ou=users,o=mycompany.

    NOTE:  If you are using Secure LDAP, you need to import the trusted root of your eDirectory tree into your certificate authority's keystore. You can do this by locating your key material object. By default, this would be located in the same container where your server object is located. Export the trusted root from the key material object. For more information, see Importing Trusted Roots.

    Figure 11
    LDAP Configuration Page

  8. Click Next.

  9. All Liberty single sign-on communication must be digitally signed. To support digital signing, the installer program creates a digital signing certificate. Before it can create the certificate, you must enter the required information on two screens: first the site information, then the keystore details. At the Signing Certificate Information screen, enter the Liberty IDP Site Name, Organization Unit, Organization, City/Locality, State, and Country. You must fill in all of the fields in order to continue with the installation.

    For the Liberty IDP Site Name, you normally specify the DNS Host Name of your IDP server. For example, idp.novell.com.

    IMPORTANT:  Do not use commas on any of the fields for this screen.

    Figure 12
    Signing Certificate Information: Site Information Page

  10. Click Next.

  11. Set up your keystore information by entering a Keystore File Name, Keypair Alias, Keypair Password, and Keystore Password.

    The keystore and key pair are used in the signing process and are referenced by the Liberty application's web.xml file. (By default, this file is located at C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\web.xml.)

    For more information about digital signing and keys, see the Key and Certificate Management Tool documentation.

    Figure 13
    Signing Certificate Information: Keystore Page

  12. Click Next.

  13. Enter an application name. This name will be part of the URL that will be used by service providers to request authentication services from you.

    For example, if you use nidp, an nidp folder will be created in your Tomcat webapps folder (<Tomcat_home>\webapps) with the identity provider Web application.

    Figure 14
    Application Name Page

  14. Click Next.

  15. Review the Pre-Installation Summary. If you need to make changes to your configuration, click Previous to go back to previous screens. If you accept the configuration, click Install.

    Figure 15
    Pre-Installation Summary

    The installation will extend the schema using eDirectory. (This process could take several minutes.)

  16. When the installation is complete, click Done.

    You will need to install the Liberty administration plug-ins in iManager. An installation help screen for iManager launches. To set up the Liberty Roles and Tasks, follow the instructions in the help screen to launch iManager and run the Configuration Wizard.

    Continue with the steps in Creating a Liberty IDP Site to set up your Liberty IDP site.
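The two text-entry constraints in this procedure (the Admin Distinguished Name in step 7 must be given in eDirectory context such as cn=admin,ou=users,o=mycompany, and the signing-certificate fields in step 9 must all be filled in and contain no commas) both come down to how a comma-separated DN is parsed. The following is an added example, not code from the Novell installer, that checks a DN is in type=value form and builds the certificate subject from the step 9 fields, refusing the inputs the installer screens refuse. The mapping of the screen fields to X.500 attributes (CN, OU, O, L, ST, C) and the sample values other than idp.novell.com and the page's example DN are assumptions.

```python
"""Validate the installer inputs described in steps 7 and 9.

Added example (not part of the Liberty IDP installer): checks that an Admin
Distinguished Name is a well-formed LDAP-context DN and builds the signing
certificate subject from the Signing Certificate Information fields.
"""
import re
from typing import Dict, List, Tuple

# One RDN: attribute type, '=', non-empty value. Any comma has already been
# consumed by the split in parse_admin_dn, so a stray comma shows up here as an
# RDN with no '=' in it.
_RDN_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)=(.+)$")

# Screen fields from step 9 and the X.500 attribute each is assumed to map to.
SITE_FIELDS: List[Tuple[str, str]] = [
    ("site_name", "CN"),            # DNS host name of the IDP server
    ("organizational_unit", "OU"),
    ("organization", "O"),
    ("city", "L"),
    ("state", "ST"),
    ("country", "C"),
]

# Constructed sample inputs: the DN and host name are the page's own examples,
# the remaining organisation details are made up for the demonstration.
SAMPLE_ADMIN_DN = "cn=admin,ou=users,o=mycompany"
SAMPLE_SITE: Dict[str, str] = {
    "site_name": "idp.novell.com",
    "organizational_unit": "Identity Services",
    "organization": "Example Corp",
    "city": "Provo",
    "state": "Utah",
    "country": "US",
}


def parse_admin_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an LDAP-context DN into [(type, value), ...], leftmost first.

    Raises ValueError for the typeless dotted eDirectory form
    (admin.users.mycompany), empty components, or anything else that is not
    a comma-separated list of type=value pairs.
    """
    rdns: List[Tuple[str, str]] = []
    for component in dn.split(","):
        match = _RDN_RE.match(component.strip())
        if not match:
            raise ValueError(
                f"RDN {component!r} is not in type=value form; enter the name in "
                f"eDirectory context, for example {SAMPLE_ADMIN_DN}"
            )
        rdns.append((match.group(1).lower(), match.group(2).strip()))
    return rdns


def is_ldap_context_dn(dn: str) -> bool:
    """True if parse_admin_dn accepts the string."""
    try:
        parse_admin_dn(dn)
    except ValueError:
        return False
    return True


def site_field_problems(fields: Dict[str, str]) -> List[str]:
    """Return the installer's objections to the step 9 fields (empty if none).

    Every field is required, and none may contain a comma: the subject DN is
    assembled by joining the values with commas, so an unescaped comma inside
    a value would be read as an RDN separator and split the field in two.
    """
    problems: List[str] = []
    for key, _attr in SITE_FIELDS:
        value = fields.get(key, "").strip()
        if not value:
            problems.append(f"field {key!r} is required")
        elif "," in value:
            problems.append(f"field {key!r} must not contain a comma")
    return problems


def build_subject_dn(fields: Dict[str, str]) -> str:
    """Build the certificate subject, e.g. CN=idp.novell.com,OU=...,C=US."""
    problems = site_field_problems(fields)
    if problems:
        raise ValueError("; ".join(problems))
    return ",".join(f"{attr}={fields[key].strip()}" for key, attr in SITE_FIELDS)


if __name__ == "__main__":
    print(parse_admin_dn(SAMPLE_ADMIN_DN))
    print(build_subject_dn(SAMPLE_SITE))
    print(site_field_problems({**SAMPLE_SITE, "organization": "Example, Inc."}))
    print(is_ldap_context_dn("admin.users.mycompany"))
```

Running the module prints the parsed RDNs of the sample DN, the assembled subject, the objection raised for an organization name containing a comma, and False for the dotted eDirectory form that the LDAP Configuration screen does not accept.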


Installing the Liberty Administration Plug-ins When iManager is Already Installed on Your eDirectory Server

After you have successfully completed the initial Liberty installation, you must install the Liberty administration plug-ins for iManager in order to configure the information entered for your Liberty IDP server. By default, these plug-ins are installed as part of your IDP installation. If you need to install them separately from your Liberty IDP installation, follow the instructions in this section.

To install the Liberty plug-ins:

  1. Launch iManager, log in to your tree using the IP address, then click the Configure icon (on the toolbar at the top of the page).

    You launch iManager by opening a Web browser and going to https://<ipaddress>/eMFrame/iManager.html (case-sensitive), where <ipaddress> is the address of your server. For detailed instructions on how to launch iManager, see the "Novell Web Applications" HTML document that was placed on your desktop as part of the iManager installation.

    For iManager documentation, see the iManager 1.5.1 Administration Guide.

  2. Expand the Plug-in Setup and Install menu on the left-hand side.

  3. Click Install Plug-in.

  4. Select the Liberty Identity Management plug-in from the list, enter the collection name (by default, this name is Role Based Service) or search for it, then click OK.

  5. Click the Roles and Tasks icon on the toolbar.

  6. Expand the Liberty Management menu on the left-hand side.

  7. Click Manage Sites and follow the instructions to set up your site. See Creating a Liberty IDP Site for details.

  8. Reboot your machine for the settings to take effect.

    IMPORTANT:  Your machine will still be running in test mode. Before you can run in a production environment, you will need to switch to SSL mode. To make the switch, you need to create a signing key pair, get it signed by a certificate authority, then configure Apache to use it as the SSL certificate. See Configuring Your Liberty Identity Provider to Run in SSL Mode for information on how to make this conversion. You can also refer to the Tomcat and Apache Web sites for more information.