General RequirementsInstallation PackagesRequired installation packages can be fetched from Ubisecure Extranet. Windows- customerid-X.X.X-windows.zip Ubisecure CustomerID distribution package for Windows.
Linux- customerid-X.X.X-linux.tar.gz Ubisecure CustomerID distribution package for Linux.
Network RequirementsFor production installations you must have a load balancer or proxy in front of Ubisecure SSO and CustomerID with the following configuration. Requests to URLs, /eidm2/* (user interface) and /customerid-rest/* (REST API calls), must be routed to port 7443 on node 1. To prevent CSRF attacks on Wicket components Ubisecure has added functionality which is checking the Origin and Referer HTTP headers for cross domain requests. When the Origin or Referer HTTP header is present a proxy need to be configured so that it matches the requested URL otherwise a HTTP error ( 400 BAD REQUEST ) will be thrown. From the following link you can find information what is needed to configure the proxy: https://ci.apache.org/projects/wicket/apidocs/6.x/org/apache/wicket/protocol/http/CsrfPreventionRequestCycleListener.html You may also use the general.accepted.origin.whitelist property in Ubisecure CustomerID to list trusted domains. See more from General properties - CustomerID. Note |
---|
NOTE: DO NOT start the production installation until this is done. |
Product | Publicly facing URL | Source Port | Destination Port |
---|
Ubisecure SSO | https://sso.example.com/ubilogin
| 443 | 8443 | Ubisecure CustomerID | https://sso.example.com/eidm2/wf/self-service
| 443 | 7443 | Ubisecure CustomerID uses Ubisecure SSO Discovery API and therefore must have access to it. See Discovery API - SSO. |