Installing SAML Extension Software

The SAML extension for Novell iChain software should only be installed on compatible hardware. The installation is divided into four sections: an installation introduction, the server installation, ConsoleOne snap-ins installation, and schema installation.

For hardware requirements, see the iChain 2.2 Hardware Guide.

NOTE:  The Novell-supported platforms for the SAML extension for Novell iChain software are Windows 2000, Red Hat Linux 8, and NetWare 6 with Support Pack 3. You should run the installation executable on the machine you are designating as the SAML server.

Also, this portion of the installation requires that the following environment variables be properly set:

CATALINA_HOME or TOMCAT_HOME: This value indicates where the Tomcat servlet engine has been installed. This value must be set manually. To create the setting, you need to create an environment variable named CATALINA_HOME that points to the Tomcat install directory. For example, if you installed Tomcat to c:\tomcat, then your CATALINA_HOME environment variable would be CATALINA_HOME=c:\tomcat.

JAVA_HOME: This value indicates the location of Java on the system. If you installed Java using the Sun Java installer, this value was automatically set; however, it can also be set manually. To create the setting, you need to create an environment variable named JAVA_HOME that points to the Java home directory. For example, if you installed the Java Development Kit to c:\j2sdk1.4, your JAVA_HOME variable would be JAVA_HOME=c:\j2sdk1.4.

To install the SAML extension for Novell iChain:

  1. At the Web download site, click the Web download link to automatically download the SAML extension executable.

  2. Double-click the executable to launch the installer.

    The installation program will guide you through the installation process.

    Figure 16
    SAML Extension Introduction
  3. After you have read the introductory screen, click Next.

    Figure 17
    License Agreement
  4. Accept the terms of the License Agreement, then click Next.

    Figure 18
    Choose Installation Set
  5. Choose the installation component.

    There are three different components included in the SAML extension installation. They are:

    • Install Server: This option installs the SAML Extension for Novell iChain Web application. You should run this option on the machine you want to be the SAML extension server. This component requires that the system has Java Development Kit (JDK) 1.4.1 or later and the Tomcat servlet engine installed.

    • Install ConsoleOne Snap-Ins: This option installs the ConsoleOne snap-ins used to administer the SAML extension components.

    • Install Schema: This option extends the eDirectory schema to include the SAML configuration object definitions.

    The Install Server button is selected by default. These steps assume you will accept the default selection.

  6. Click Next to begin the SAML extension server installation.

    A pre-installation summary is displayed:

    Figure 19
    Pre-installation Summary of SAML Extension Server
  7. Review the SAML extension server pre-installation summary, then click Install.

    The SAML extension Web application is installed to the specific SAML extension server install folder. For example, Figure 19 shows the folder as c:\tomcat\webapps. The installer creates a folder named samlext in this directory. After the Web application files are installed, you are prompted for initial system configuration information, as shown in Figure 20.

    Figure 20
    Initial Configuration
  8. Specify the initial configuration information.

    The following configuration entries (some of which are required) can be set:

    • LDAP Server Address: The address of the LDAP servers that contain the configuration and users for the SAML extension server. These should be the same LDAP servers that contain the configuration and users for iChain. You must enter information in this field or the server does not function properly.

    • LDAP Username: The user name of the proxy user that the SAML extension server uses to access the directory. We recommend that this user be the same as the one used by iChain.

    • LDAP Password: The user password for the proxy user. You must enter information in this field or the server does not function properly.

    • iChain Service Object LDAP Name: The name of the iChainServiceObject associated with this iChain installation. The SAML extension server uses this value to find its configuration objects in the directory. You must enter information in this field or the server does not function properly.

  9. Click Next.

    Figure 21
    Initial Configuration: Key Pair Information
  10. The following configuration entries can be set:

    • SSL Key Pair: Allows the administrator to include a key pair in PKCS#12 or JKS format to be used for outbound SSL connections. You can choose to leave this field blank and configure it later.

    • Signing Key Pair: Allows the administrator to include a key pair in PKCS#12 or JKS format to be used to sign SAML data. You can choose to leave this field blank and configure it later.

    All of the settings you select are stored in a file on the server.

  11. Click Next.

    When the server installation has successfully completed, an Install Complete page appears.

    Figure 22
    SAML Extension Server Install Complete

    This dialog box shows the location of the configuration file. For example, Figure 22 shows that the configuration information has been installed to c:\Java\Tomcat4\webapps\samlext\conf. You can make changes to this file if you need to change your configuration. For more information about this file, see Configuring the SAML Extension Server.

  12. Click Done to exit the server installer.

    You must launch the installer again to install the next component.

  13. Launch the installer.

    Figure 23
    Choose Installation Set
  14. Click Install ConsoleOne Snap-ins, then click Next.

    Figure 24
    ConsoleOne Snap-ins Install Folder
  15. Select the directory on your machine where ConsoleOne is installed, then click Next.

    Figure 25
    Pre-Installation Summary of ConsoleOne Snap-ins
  16. Review the ConsoleOne snap-ins pre-installation summary, then click Install.

    Figure 26
    ConsoleOne Snap-ins Install Complete
  17. When the ConsoleOne snap-ins installation has successfully completed, an Install Complete screen appears. Click Done to exit the ConsoleOne snap-ins installer.

    You must launch the installer again to install the final component.

  18. Launch the installer.

    Figure 27
    Choose Installation Set
  19. Click Install Schema, then click Next.

    Figure 28
    LDAP Server Information
  20. To install the schema, you must specify the Administrator DN, Administrator Password, LDAP IP Address, and LDAP Port information for your LDAP server. You must also enable clear text passwords on your LDAP server; with this setting enabled, the server accepts binds in which the password is sent unencrypted.

    The LDAP server should be the same one you specified during the SAML extension server portion of the installation. For example, Figure 20 and Figure 28 show that the LDAP server address is 137.65.159.66.

  21. Click Next.

    Figure 29
    Pre-Installation Summary of SAML Extension Schema
  22. Review the schema pre-installation summary, then click Install.

    When the installation is complete, a schema results page is displayed.

    Figure 30
    Schema Results Summary
  23. Review the schema results summary, then click Next.

    Figure 31
    Install Complete
  24. When the schema installation has successfully completed, an Install Complete page appears. Click Done to exit the installation.
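The following is an added example, not part of Novell's documentation or installer: a Python check for the prerequisites named before the procedure (CATALINA_HOME or TOMCAT_HOME, JAVA_HOME, JDK 1.4.1 or later) and, on Linux, for files in the configuration directory from step 11 that other accounts can access. The webapps/samlext/conf layout follows the page's example paths; the function names and the permission check are assumptions of this example.

```python
import os
import re
import stat

MIN_JDK = (1, 4, 1)  # "JDK 1.4.1 or later" (Install Server requirement)

def parse_java_version(banner):
    """Return (major, minor, patch) from `java -version` output, or None."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?(?:\.(\d+))?', banner)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def preflight(env, java_banner):
    """Return the problems to fix before launching the installer."""
    problems = []
    tomcat = env.get("CATALINA_HOME") or env.get("TOMCAT_HOME")
    if not tomcat:
        problems.append("neither CATALINA_HOME nor TOMCAT_HOME is set")
    elif not os.path.isdir(os.path.join(tomcat, "webapps")):
        problems.append("no webapps directory under " + tomcat)
    java = env.get("JAVA_HOME")
    if not java:
        problems.append("JAVA_HOME is not set")
    elif not any(os.path.isfile(os.path.join(java, "bin", exe))
                 for exe in ("javac", "javac.exe")):
        problems.append("no bin/javac under JAVA_HOME: a JRE, not a JDK")
    version = parse_java_version(java_banner)
    if version is None or version < MIN_JDK:
        problems.append("Java version unreadable or older than 1.4.1")
    return problems

def exposed_conf_files(tomcat_home):
    """POSIX only: samlext/conf files that group or other can access."""
    # Layout assumed from the page's example paths (webapps\samlext\conf).
    conf = os.path.join(tomcat_home, "webapps", "samlext", "conf")
    exposed = []
    for root, _dirs, files in os.walk(conf):
        for name in files:
            path = os.path.join(root, name)
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                exposed.append(path)
    return sorted(exposed)

if __name__ == "__main__":
    import subprocess
    java = os.path.join(os.environ.get("JAVA_HOME", ""), "bin", "java")
    try:  # `java -version` writes its banner to stderr
        banner = subprocess.run([java, "-version"], capture_output=True, text=True).stderr
    except OSError:
        banner = ""
    for problem in preflight(os.environ, banner):
        print("FIX:", problem)
```

Run the script before step 1 to check the environment; after step 11, call `exposed_conf_files()` with the Tomcat directory, since the settings stored under conf include the LDAP proxy user's password entry and the key pair settings.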