IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Response file parameters (SetupHlp.ini)

You can specify the installed features, installation directories, target server, and single sign-on options in the Setuphlp.ini response file. Learn more about the contents of the Setuphlp.ini file

The options in SetupHlp.ini are divided into the following categories:
Setup time only options
This section contains a list of options that you cannot change after installation.
Setup time and runtime options that map to multiple registry values each
This section contains a list of options that you can change after installation by modifying registry values. Each option is mapped to several registry values.
Setup time and runtime options that map to one registry value each
This section contains a list of options that you can change after installation by modifying registry values. Each option is mapped to a registry value.
Dependency URLs
The installation program directs you to these URLs if the required installation components are missing. For the list of included URLs, check the response file in your installation package.

Setup time only options

This section contains a list of options that you cannot change after installation.

Option Name Value Description
AAInstallDir AAInstallDir =C:\Program Files\IBM\ISAM ESSO\AA Specify installation directories.
FirstSyncMaxRetries Default: 1 Specify the number of attempts if the first synchronization fails during installation.
FirstSyncRetryIntervalMins Default: 1 Time interval, which is specified in minutes, between each attempt during installation.
GinaWhiteList

msgina, engina.dll, nwgina.dll

List of GINAs that are currently supported by IBM® Security Access Manager for Enterprise Single Sign-On.

AccessAgent is not installed if you are using a GINA that is not in this list.

During the installation, a prompt displays to determine whether you want to replace the GINA in this list.

For a silent installation, you must configure the EnginaEnabled option.

Note:
  • If you want to use a GINA not included in this list, test the new GINA against AccessAgent. Then, add the new .DLL file to this list.
  • Use a comma to separate the values.
EnginaEnabled 1 | 0 (default: 1)
Specify whether to replace the current GINA with EnGINA.
Note:
  • For AccessAgent version 3.3.0.0 and later, the behavior of this option is consistent for workstations, Terminal Servers, and Citrix Servers.
  • For Citrix Servers, use option 0.
PriceLevel Standard | Suite Specifies the product license level.
RebootEnabled 1 | 0 (default: 1) Specify whether to trigger a computer restart after setup.
RebootConfirmationEnabled 1 | 0 (default: 1) Specify whether to confirm with the user before rebooting. Effective only if RebootEnabled=1.
EnginaConflictPromptEnabled 1 | 0 (default: 1) If there is a GINA conflict, whether a prompt is displayed.
UsbKeyPromptEnabled 1 | 0 (default: 1) Specify whether to prompt user to insert USB Key, if a USB Key is not already inserted during installation time.
ImsConfigurationEnabled 1 | 0 (default: 1) Specify whether to configure the default IMS Server settings and install certificates from the IMS Server during setup.
ImsConfigurationPromptEnabled 1 | 0 (default: 0) Specify whether to prompt the user for the default IMS Server entry, even if it is already correctly configured. Effective only if ImsConfigurationEnabled=1.
InstallTypeGpo 1 | 0 (default: 0) Specify whether to suppress all prompts and write to a log. Required for AD GPO installation.
EncentuateNetworkProviderEnabled 1 | 0 (default: 0) Specify whether to enable Encentuate Network Provider during an AccessAgent installation.
EncentuateCredentialProviderEnabled 1 | 0 (default: 1)

Specify whether to install the IBM Security Access Manager for Enterprise Single Sign-On Credential Provider for Windows 7.
ConsoleAppSupportEnabled 1 | 0 (default: 0) Specify whether to enable IBM Security Access Manager for Enterprise Single Sign-On Console Hook Loader.
Note:
  • The Console Hook Loader is disabled by default.
  • To enable console application support, set the value to 1.
  • Alternatively, you can run InstallConsoleSupport.vbs in the <AccessAgent installation directory> after installation.
ResetBioAPIPermissions 1 | 0 (default: 0)

Specify whether to reset BioAPI Permissions.
DisableWin7CAD 1 | 0

(default: 1)

If set to 0, there are no changes to the DisableCAD policy.

If set to 1, the DisableCAD policy is set to 1.

When the DisableCAD policy is set to 1, the secure prompt screen (Ctrl-Alt-Del) is not displayed.
RemoveWallet 1 | 0

(default: Not defined)

Specify whether to remove Wallet during uninstallation.

For uninstalling silently, set RemoveWallet=1 if it is not configured.
JVMInstallationDirectories <JVM Directory 1> | <JVM Directory 2> | <JVM Directory 3> |

JVM directories for which to enable Java™ automatic sign-on support.

Each directory must be separated by a vertical bar. There must be no space in between 2 JVM directories. For example:
  • C:\Program Files\Java\jre1.5.0_11
  • C:\TAM E-SSO\j2re1.4.1

Specifically, for JVM version 1.2 or later.
OldJVMInstallationDirectories <JVM Directory 1> | <JVM Directory 2> | <JVM Directory 3> |

JVM directories for which to enable Java automatic sign-on support.

Each directory must be separated by a vertical bar. There must be no space in between 2 JVM directories. For example:
  • C:\Program Files\Java\jre1.5.0_11
  • C:\TAM E-SSO\j2re1.4.1

Specifically, for JVM version 1.1
CitrixVirtualChannelConnectorMode 0 | 1 | 2 | 3 | 4

(default: Not defined)
AccessAgent Citrix Virtual Channel Connector mode configuration
  • Set to 0 if you do not want to enable theVirtual Channel Connector.
  • Set to 1 if you want to enable the Virtual Channel Connector on the client computer.
  • Set to 2 if you want to enable the Virtual Channel Connector from the server and run AccessAgent in standard mode.
  • Set to 3 if you want to enable the Virtual Channel Connector from the server and run AccessAgent in lightweight mode.
  • Set to 4 if you want to enable the Virtual Channel Connector from the server and run AccessAgent in enforced lightweight mode.
ICAClientInstallDir <Citrix ICA Client installation directory>

Specify the installation directory for the Citrix ICA Client. This is required for the client Citrix Virtual Channel Connector

.

Setup time and run time options that map to multiple registry values

This section contains a list of options that you can change after installation by modifying registry values. Each option is mapped to several registry values.

Option Name Value Description
ImsSecurePortDefault default: 443 Default secure port number for the default IMS Server.
ImsDownloadPortDefault default: 80

Default download port number for the default IMS Server.

This port is used to download IMS Server certificates only.
ImsDownloadProtocolDefault default: http://

Default download protocol to download IMS Server certificates.

Setup time and run time options that map to one registry value

This section contains a list of options that you cannot change after installation.

Option Name Value Description
WalletTypeSupported 0 | 1 | 2 (default: 0)

Supported Wallet types.

  • 0 - IMS Server only
  • 1 - Non IMS Server only
  • 2 - Both IMS Server and non-IMS Server
ImsAddressPromptEnabled 1 | 0 (default: 0) Specify whether to prompt up the user for an IMS Server address during signup, even if the IMS Server address specified in ImsServerName is correct.
ImsServerName <SAM ESSO IMS Server> Actual host name of the IMS Server.
Parent topic: Preparing an installation package to install on multiple PCs
Previous topic: Preparing and installing a prepackaged Wallet
Next topic: Including support for additional languages

Feedback