...
Stop Ubisecure CustomerID
net stop wildfly
Edit win32.config, example (login.smartplan.com -> login.newplan.com)
cd "C:\Program Files\Ubisecure\customerid\application"
copy win32.config win32.config-old
notepad win32.config
Example:
# Ubisecure SSO URL (from Ubisecure SSO win32.config)
uas.url=https\://login.newplan.com\:8445
# Ubisecure SSO installation path
ubilogin.home=C\:\\Program Files\\Ubisecure\\ubilogin-sso\\ubilogin
# The public visible URL address of Ubisecure CustomerID without path
eidm.url=https\://login.newplan.com\:7445
# The local listen address of Ubisecure CustomerID if reverse proxy server is used
proxy.local.url=@eidm.url@
...
#ldap.suffix=cn\=Ubilogin,@uas.url.host.dn@
ldap.suffix=cn\=Ubilogin,dc=login,dc=smartplan,dc=com
Note that ldap.suffix keeps the suffix of the existing directory (dc=login,dc=smartplan,dc=com): the @uas.url.host.dn@ macro form is commented out and the literal DN is kept, so the directory suffix does not follow the new host name.
Run setup
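Before running setup.cmd, the win32.config edit above can be made and checked programmatically. The following Python script is an added example written for this page, not Ubisecure's own tooling: it rewrites the host in uas.url and eidm.url using the Java .properties escaping the file uses, pins ldap.suffix to the DN of the old host the way the page's example does, and reports whether the result looks right. It assumes that @uas.url.host.dn@ expands to the SSO host name in dc=...,dc=... form (inferred from the page's two ldap.suffix lines); the sample win32.config text inside it is constructed.

```python
"""Host-name rewrite and pre-setup check for Ubisecure CustomerID win32.config.

Added illustration for this page; not part of Ubisecure's tooling. win32.config is
in Java .properties format, so ':' '=' and '\\' inside values are backslash-escaped.
"""
from urllib.parse import urlsplit, urlunsplit

MACRO = "@uas.url.host.dn@"           # macro shown on the page; assumed to expand to
                                      # the SSO host name in dc=...,dc=... form
URL_KEYS = ("uas.url", "eidm.url")    # keys whose value carries the host name


def unescape(raw):
    """Undo .properties backslash escaping (\\: \\= \\\\ \\n ...)."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):
            i += 1
            ch = {"n": "\n", "t": "\t", "r": "\r"}.get(raw[i], raw[i])
        out.append(ch)
        i += 1
    return "".join(out)


def escape(value):
    """Escape a value the way the page's win32.config does."""
    return value.replace("\\", "\\\\").replace(":", "\\:").replace("=", "\\=")


def split_line(line):
    """Return (key, raw_value) for a key=value line, None for blanks and comments."""
    s = line.strip()
    if not s or s[0] in "#!":
        return None
    esc = False
    for i, ch in enumerate(s):
        if esc:
            esc = False
        elif ch == "\\":
            esc = True
        elif ch in "=:":                       # first unescaped separator ends the key
            return s[:i].strip(), s[i + 1:].strip()
    return s, ""


def parse_properties(text):
    """Key -> unescaped value for every property line."""
    return {kv[0]: unescape(kv[1]) for kv in map(split_line, text.splitlines()) if kv}


def host_to_dn(host):
    """login.smartplan.com -> dc=login,dc=smartplan,dc=com (the suffix form on the page)."""
    return ",".join("dc=" + label for label in host.split("."))


def rewrite_config(text, old_host, new_host):
    """Point uas.url/eidm.url at new_host and pin ldap.suffix to the old host's DN,
    so the suffix keeps matching the existing LDAP data (as the page's example does)."""
    out = []
    for line in text.splitlines():
        kv = split_line(line)
        if kv and kv[0] in URL_KEYS:
            url = urlsplit(unescape(kv[1]))
            if url.hostname == old_host:
                netloc = new_host + (f":{url.port}" if url.port else "")
                line = f"{kv[0]}={escape(urlunsplit(url._replace(netloc=netloc)))}"
        elif kv and kv[0] == "ldap.suffix" and MACRO in kv[1]:
            out.append("#" + line)             # keep the macro form, commented out
            line = line.replace(MACRO, host_to_dn(old_host))
        out.append(line)
    return "\n".join(out) + "\n"


def check_config(text, old_host, new_host):
    """Findings to review before running setup.cmd; every value 'ok' means go."""
    props = parse_properties(text)
    findings = {}
    for key in URL_KEYS:
        host = urlsplit(props.get(key, "")).hostname
        findings[key] = "ok" if host == new_host else f"unexpected host {host!r}"
    suffix = props.get("ldap.suffix", "")
    if MACRO in suffix:
        findings["ldap.suffix"] = "macro present: suffix would follow the new host name"
    elif suffix.endswith(host_to_dn(old_host)):
        findings["ldap.suffix"] = "ok (pinned to the existing directory suffix)"
    else:
        findings["ldap.suffix"] = f"unexpected suffix {suffix!r}"
    return findings


# Constructed sample modelled on the page's win32.config excerpt, old host still in place.
SAMPLE = r"""
# Ubisecure SSO URL (from Ubisecure SSO win32.config)
uas.url=https\://login.smartplan.com\:8445
# Ubisecure SSO installation path
ubilogin.home=C\:\\Program Files\\Ubisecure\\ubilogin-sso\\ubilogin
# The public visible URL address of Ubisecure CustomerID without path
eidm.url=https\://login.smartplan.com\:7445
proxy.local.url=@eidm.url@
ldap.suffix=cn\=Ubilogin,@uas.url.host.dn@
""".strip("\n") + "\n"

if __name__ == "__main__":
    # For the real file, read win32.config into a string and write the result back.
    new_text = rewrite_config(SAMPLE, "login.smartplan.com", "login.newplan.com")
    print(new_text)
    print(check_config(new_text, "login.smartplan.com", "login.newplan.com"))
```

To use it on the real file, read C:\Program Files\Ubisecure\customerid\application\win32.config into rewrite_config and write the result back only once check_config reports ok for every key; the win32.config-old copy made above remains the fallback.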
cd "C:\Program Files\Ubisecure\customerid\application"
setup.cmd
C:\Program Files\Ubisecure\customerid\application\config\settings.cmd
C:\Program Files\Ubisecure\customerid\application\custom\eidm2_generated.properties
C:\Program Files\Ubisecure\customerid\application\custom\jndi.properties
C:\Program Files\Ubisecure\customerid\application\ldap\customerid-adlds.ldif
C:\Program Files\Ubisecure\customerid\application\ldap\customerid-secrets.ldif
C:\Program Files\Ubisecure\customerid\application\ldap\customerid.ldif
Edit WildFly config
cd "C:\Program Files\wildfly-14.0.1.Final\standalone\configuration"
notepad standalone.xml
Example:
<host name="default-host" alias="localhost,login.newplan.com,login.newplan.com">
<location name="/" handler="welcome-content"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
<socket-binding name="https" port="7445"/>
Certificate related changes
a. If a self-signed TLS certificate is used, create a new self-signed certificate and add it to the Java trusted certificate store:
C:\Program Files\Ubisecure\customerid\tools>"%JRE_HOME%\bin\keytool" -delete -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias wildfly-trusted
C:\Program Files\Ubisecure\customerid\tools>del "C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx"
C:\Program Files\Ubisecure\customerid\tools>cert.cmd
Creating login.newplan.com keystore C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx
You may choose to import the self-signed certificate to JRE's cacerts truststore.
(C:\Program Files\Java\jdk1.8.0_144\jre\lib\security\cacerts)
Importing the certificate will make Java trust this certificate as a certificate authority
and accept every server connection which certificate has been signed with it.
Do you want to import the self-signed server certificate to your cacerts truststore?
[Y]es / [N]o: y
Exporting certificate with alias wildfly from "C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx" to "C:\Users\ADMINI~1\AppData\Local\Temp\2\exported.cer"
Certificate stored in file <C:\Users\ADMINI~1\AppData\Local\Temp\2\exported.cer>
Importing certificate file with alias wildfly-trusted to C:\Program Files\Java\jdk1.8.0_144\jre\lib\security\cacerts
Owner: CN=login.newplan.com
Issuer: CN=login.newplan.com
Serial number: 3ca66f8149c1d20
Valid from: Sun Sep 02 00:00:00 UTC 2018 until: Sun Sep 02 00:00:00 UTC 2029
Certificate fingerprints:
MD5: 65:F4:6A:D0:7C:DD:9D:6B:48:7E:42:57:93:92:E9:18
SHA1: 33:25:6C:15:B9:CD:7F:2C:4F:E6:49:5A:84:F6:CD:83:6C:AE:FC:22
SHA256: 9F:71:A0:6F:74:5B:46:44:3B:1B:56:A1:2C:58:82:3B:91:20:1D:4E:86:26:99:35:E5:01:83:DE:EC:BE:AA:AC
Signature algorithm name: SHA256withRSA
Version: 3
Trust this certificate? [no]: y
Certificate was added to keystore
b. If you have a CA signed certificate:
Edit standalone.xml, example:
<ssl>
<keystore path="C:\\Program Files\\wildfly-13.0.0.Final\\standalone\\configuration\\ubidemo.pfx" keystore-password="nmhxx29ZPvfb3fwxJP67" alias="te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8"/>
</ssl>
If you use the same certificate as with SSO, it was already added to cacerts. Otherwise, add it to cacerts; see the SSO instructions above.
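Both standalone.xml edits in this part of the procedure (the host alias list and https port from "Edit WildFly config", and the <ssl><keystore> entry for a CA-signed certificate) can be audited after the fact. The script below is an added example written for this page, not Ubisecure or WildFly tooling. It assumes the https socket binding should carry the same port as eidm.url in win32.config (7445 on this page), and it works on a constructed standalone.xml fragment with a placeholder keystore password; the duplicated alias it flags mirrors the page's own example line.

```python
"""Audit WildFly standalone.xml after a CustomerID host-name change.

Added illustration for this page, not Ubisecure or WildFly tooling. It reads the
undertow host aliases, the https socket binding and any <keystore> entry under the
security realm, and lists what still needs attention. expected_https_port is the
port from eidm.url in win32.config (7445 on the page).
"""
import re
import xml.etree.ElementTree as ET


def local_name(tag):
    """Strip the namespace: '{urn:jboss:domain:undertow:7.0}host' -> 'host'."""
    return tag.rsplit("}", 1)[-1]


def find_all(root, name):
    """All elements with a given local name, whatever subsystem namespace they use."""
    return [el for el in root.iter() if local_name(el.tag) == name]


def resolve_port(raw):
    """'${jboss.https.port:7445}' -> '7445'; plain numbers pass through unchanged."""
    m = re.fullmatch(r"\$\{[^:}]+:(\d+)\}", raw.strip())
    return m.group(1) if m else raw.strip()


def audit_standalone(xml_text, old_host, new_host, expected_https_port):
    """Return a list of findings; an empty list means nothing is left to fix."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in find_all(root, "host"):
        name = host.get("name")
        aliases = [a.strip() for a in host.get("alias", "").split(",") if a.strip()]
        dupes = sorted({a for a in aliases if aliases.count(a) > 1})
        if dupes:
            findings.append(f"host {name}: duplicate alias {dupes}")
        if old_host in aliases:
            findings.append(f"host {name}: still lists old host {old_host}")
        if new_host not in aliases:
            findings.append(f"host {name}: missing new host {new_host}")
    https = [sb for sb in find_all(root, "socket-binding") if sb.get("name") == "https"]
    if not https:
        findings.append("no https socket-binding")
    elif resolve_port(https[0].get("port", "")) != str(expected_https_port):
        findings.append(f"https socket-binding port {https[0].get('port')} "
                        f"!= eidm.url port {expected_https_port}")
    for ks in find_all(root, "keystore"):
        path = ks.get("path", "")
        if not ks.get("alias"):
            findings.append(f"keystore {path}: no alias attribute set")
        if ks.get("keystore-password"):
            findings.append(f"keystore {path}: keystore-password is stored inline; "
                            "a WildFly credential store keeps it out of standalone.xml")
    return findings


# Constructed fragment modelled on the page's standalone.xml excerpts (placeholder password).
SAMPLE_STANDALONE = r"""<server xmlns="urn:jboss:domain:8.0">
  <management>
    <security-realms>
      <security-realm name="ApplicationRealm">
        <server-identities>
          <ssl>
            <keystore path="C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx"
                      keystore-password="EXAMPLE-PASSWORD" alias="wildfly"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:7.0">
      <server name="default-server">
        <host name="default-host" alias="localhost,login.newplan.com,login.newplan.com">
          <location name="/" handler="welcome-content"/>
          <http-invoker security-realm="ApplicationRealm"/>
        </host>
      </server>
    </subsystem>
  </profile>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="7445"/>
  </socket-binding-group>
</server>
"""

if __name__ == "__main__":
    # For the real file: open(r"C:\Program Files\wildfly-14.0.1.Final\standalone\configuration\standalone.xml").read()
    for finding in audit_standalone(SAMPLE_STANDALONE, "login.smartplan.com", "login.newplan.com", 7445):
        print(finding)
```

On the sample it reports the duplicated alias and the inline keystore password; after fixing the alias attribute and moving the password out of the file, the list comes back empty.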
Create new SAML2 identity files
cd "C:\Program Files\Ubisecure\customerid\application\custom"
rename saml2 saml2-old
mkdir saml2
cd "\Program Files\Ubisecure\customerid\tools"
init-eidm-sp.cmd
init-eidm-ap.cmd
Optionally download SSO metadata (this must be done if the SSO external address has been changed)
cd "C:\Program Files\Ubisecure\customerid\tools"
get-metadata.cmd
A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata already exists.
A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata already exists.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5200 0 5200 0 0 14444 0 --:--:-- --:--:-- --:--:-- 14444
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5200 0 5200 0 0 30232 0 --:--:-- --:--:-- --:--:-- 30232
cd "C:\Program Files\Ubisecure\customerid\tools"
get-metadata-for-ap.cmd
A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata already exists.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2736 0 2736 0 0 13477 0 --:--:-- --:--:-- --:--:-- 13477
Verify by opening the metadata files with a text editor
- In case of errors the files may contain an HTML error page instead of valid metadata
C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata\metadata.xml
C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata\metadata.xml
C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata\metadata.xml
Start WildFly, verify logs
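The verification step above (opening the three metadata.xml files and looking for an HTML error page) can be automated. The script below is an added example for this page, not Ubisecure tooling: it classifies a file as valid SAML 2.0 metadata, an HTML error page, non-XML, or metadata that still names the old host, which also catches a download made before the SSO external address was changed. The file paths are the ones listed above; the sample metadata and error page embedded in the script are constructed, and the /uas/sso endpoint path in the sample is a placeholder.

```python
"""Classify the metadata files fetched by get-metadata.cmd / get-metadata-for-ap.cmd.

Added illustration for this page; not Ubisecure tooling. A failed download can leave
an HTML error page in metadata.xml, and a download from the old SSO address leaves
metadata that still names the old host. The sample documents below are constructed.
"""
from pathlib import Path
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOTS = {f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"}

# Paths listed on the page.
PAGE_FILES = [
    r"C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata\metadata.xml",
    r"C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata\metadata.xml",
    r"C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata\metadata.xml",
]


def inspect_metadata(text, expected_host, old_host=None):
    """Return (status, details); status is one of
    ok, html-error-page, not-xml, not-saml-metadata, wrong-host."""
    s = text.lstrip("\ufeff \t\r\n")            # drop BOM and leading whitespace
    if s[:1] != "<":
        return "not-xml", "content does not start with '<'"
    if s[:14].lower().startswith(("<!doctype html", "<html")):
        return "html-error-page", s[:80]
    try:
        root = ET.fromstring(s)
    except ET.ParseError as exc:
        return "not-xml", str(exc)
    if root.tag not in ROOTS:
        return "not-saml-metadata", f"root element is {root.tag}"
    hosts = set()
    entity_id = root.get("entityID", "")
    if entity_id:
        hosts.add(urlsplit(entity_id).hostname)
    for el in root.iter():                       # every endpoint the metadata advertises
        for attr in ("Location", "ResponseLocation"):
            if el.get(attr):
                hosts.add(urlsplit(el.get(attr)).hostname)
    hosts.discard(None)
    details = {"entityID": entity_id, "hosts": sorted(hosts)}
    if (old_host and old_host in hosts) or expected_host not in hosts:
        return "wrong-host", details
    return "ok", details


def check_files(paths, expected_host, old_host=None):
    """Run inspect_metadata over files on disk; returns {path: status}."""
    results = {}
    for p in map(Path, paths):
        if not p.is_file():
            results[str(p)] = "missing"
            continue
        text = p.read_bytes().decode("utf-8", errors="replace")
        results[str(p)] = inspect_metadata(text, expected_host, old_host)[0]
    return results


# Constructed samples: minimal IdP metadata for the new host, and a typical error page.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://login.newplan.com:8445/uas">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.newplan.com:8445/uas/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""
SAMPLE_HTML_ERROR = "<!DOCTYPE html><html><body><h1>503 Service Unavailable</h1></body></html>"

if __name__ == "__main__":
    print(inspect_metadata(SAMPLE_METADATA, "login.newplan.com", "login.smartplan.com"))
    print(inspect_metadata(SAMPLE_HTML_ERROR, "login.newplan.com"))
    for path, status in check_files(PAGE_FILES, "login.newplan.com", "login.smartplan.com").items():
        print(status, path)
```

Anything other than ok for one of the three files means the corresponding get-metadata command has to be rerun after the cause (SSO not yet reachable on the new address, or the old address still configured) is fixed.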
Upload the new SAML identities to Ubisecure configuration directory
If you have changed rest.username and/or rest.password in eidm2.properties, temporarily comment them out and restart WildFly
cd "C:\Program Files\Ubisecure\customerid\tools"
init-customerid-data-storages.cmd
<init><initializeDatabase/></init>
cd "C:\Program Files\Ubisecure\customerid\tools"
update-ap-metadata.cmd
<init><updateSamlApMetadata/></init>
Restart WildFly, verify logs
Modify properties files
- eidm2.properties
- messages.properties
- messages_xx.properties
- mailmessages.properties
- mailmessages_xx.properties
- protection.properties
Restart WildFly, verify logs, verify functionality
Note: All OIDC and SAML integrations need new metadata / configuration if the host name was changed.
...