Installation Overview
- Extracting Certificate Authentication Provider distribution package
- Creating SAML identity provider configuration
- Modifying PKI policy
- Exporting SAML identity provider metadata
- Configuring Ubisecure Authentication Server
- Importing service provider metadata
- Deploying Certificate Authentication Provider
Requirements
System Requirements
- SSL connection configured on an application server or SSL reverse-proxy
- Ubisecure SSO Server 6.5 or later
Additional Requirements
- Time synchronization is required between the service provider and identity provider. If this is not possible for some isolated test case, this can be worked around by setting the service provider's server time slightly ahead of the identity provider, but this is under no circumstances a recommended practice, especially in a production environment.
- For information about the Network Time Protocol, refer to following URLs.
- NTP: The Network Time Protocol
http://www.ntp.org - Windows Time Service Technical Reference
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/windows-time-service/windows-time-service
- NTP: The Network Time Protocol
Required Files
-
certap-<version>.zip
PKI Requirements
- A root certificate for verifying the certificates the user
- An optional HTTP or LDAP address for the CRL distribution point, or HTTP address to OCSP server
The Certificate Authentication Provider installation includes the complete PKI files and settings for the Finnish National Electronic ID card (HST).
Preparing for Installation
Before proceeding with installation, the following configuration decisions must be made:
...