...

Chapter Process Flow gives an overview of the system as a whole. Chapter Satu-hetu configuration how to setup and configure the Satu-Hetu conversion using the Ubisecure Server Management application.

Process Flow

The process flow is shown in Figure 1 and is described below:

...

Satu-Hetu Configuration

Satu-Hetu configurations are listed in Services view (Home ->  → Services).

New Satu-Hetu configurations can be created by clicking the New Satu-Hetu... button in this view.
Existing Satu-Hetu configurations can be examined and edited by clicking on the configuration title.

Satu-Hetu Configuration View

• General
  • Name
    Name of the Satu-Hetu configuration
  • Description
    Description of the Satu-Hetu configuration
• Satu-Hetu Cache
  • Type
    Satu-Hetu cache type. Supported cache types are Ubilogin and Katve. In addition, cache may be disabled by selecting Disabled.
  • Cache URL
    Satu-Hetu cache URL and root. Cache entries are stored as children of root. Directory must be defined with external directory integration.
• Satu-Hetu Service
  • URL
    Satu-Hetu service URL. This is provided by VRK. For test environments, the current URL is https://vtjkysely2010.vrk.fi/sosowebsite/soso.asmx 
  • Username
    Username for Satu-Hetu service.
  • Password
    Password for Satu-Hetu service.
  • SoSoNimi
    This is a VRK specific parameter. The value will be provided by VRK.
  • Loppukäyttäjä
    This is a VRK specific parameter. The value will be provided by VRK.
  • Laskutustiedot
    This is a VRK specific parameter. The value will be provided by VRK.
  • Tunnistusportaali
    This is a VRK specific parameter. The value will be provided by VRK.
  • Vara1
    This is a VRK specific parameter. The value will be provided by VRK.
  • SSL
    configuration Reference to a SSL configuration used in Satu-Hetu query. If omitted, the default SSL configuration and truststores are used.
  • Update
    Update the modified configuration.
  • New…
    Create a new Satu-Hetu configuration.
  • Delete
    Delete the Satu-Hetu configuration.
  • Rename
    Rename the Satu-Hetu configuration.

• Methods view

  Image RemovedImage Added
  Figure 4. Satu-Hetu Configuration Methods view

  
  

• Satu-Hetu Configuration
  Methods view shows a list of available authentication methods. Selected methods are assigned with the current Satu-Hetu configuration. Each method may be assigned with at most one Satu-Hetu configuration at a time. Therefore, assigning a Satu-Hetu configuration to a method replaces the previous assignment.
• Update
  Assign the Satu-Hetu configuration with selected authentication methods
• SSL
  Configuration
• SSL with client certificates is required by Satu-Hetu service in production environment. A test service without requirement for client certificates is also provided. SSL parameters are configured in Ubilogin installation directory.

Add the relative location of SSL configuration to ubisecure\config.index

ssl.vrk = custom/ssl/vrk.properties
Example config.index entry
Copy the client certificate and the trusted root certificate of the Satu-Hetu service to the same directory with SSL configuration. Create the SSL configuration file defined in config.index. 

#client.localAddress = 0.0.0.0
client.cert = client.pfx
client.cert.password = pass 
ca.cert = vrksp.crt

Example SSL configuration file

client.localaddress
May be used to defines the local address to be used if the server has multiple IP addresses.

...

• client.cert.password
  The password for client certificate.
• ca.cert
  The trusted root certificate of the Satu-Hetu service.

Method Attribute Mapping

Satu-Hetu query is activated by creating a method attribute mapping and assigning it to an authentication method. An example is provided in the following figure. Please refer to the chapter Attribute Mapping in SSO Management pages for details.

...