Versions Compared

Old Version 3

changes.mady.by.user Arto Vainiolehto

Saved on

compared with

New Version 4

changes.mady.by.user Arto Vainiolehto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Note
titleSecuring HTTP connections

Although the adapter is currently deployed to the same node as Ubisecure SSO (install on one node only if in HP), it is suggested to secure the adapter by configuring it to use HTTPS in order to avoid exposing of sensitive information. This suggested step allows moving adapters to different servers than Ubisecure SSO. You can refer to Spring Boot Server SSL configuration instructions for more details.

Adapter configuration properties

The following configuration properties can be set using the configuration prefix:

...

Note
titleRemember to create trust and key stores

Before running the adapter, make sure you have generated the relevant trust and key stores storing the relevant keys and configured the relevant properties to point to these files.

  • ubisecure.sso.oidc.trust-store.path for OIDC client certificates
  • ubisecure.sso.bankid.sweden.key-store.path for BankID service provider related certificates
  • ubisecure.sso.bankid.sweden.user-certificate-policy for BankID user certificate policy configuration

...

Keys are stored in base64 encoded PKCS12 keystores in ubiloginPKCS12 attribute of the ubiloginKeyCredential objects.

The DNs for ubiloginKeyCredential objects used by the server can be found from the ubiloginKeyCredentialDN attribute values in cn=Server,ou=System,cn=Ubilogin,<LDAP suffix> entry.

After adding the certificates to the trust store modify application configuration to include the new kid in clients[n].key-aliases list.

...