In this page, Ubisecure Certificate AP is integrated with Ubisecure SSO. Ubisecure Certificate AP works as a SAML authentication method from the point of view of Ubisecure SSO.
Configuring Ubisecure SSO
A new authentication method is to be created corresponding the Certificate AP
Open Ubisecure SSO Management and create a new SAML authentication method
Figure 1. Creating the SAML method
Upload the metadata of Certificate AP to the created SAML method. The metadata of Certificate AP is found in
https://certap.example.com:9443/certap/saml2/metadata.xml
the domain depending on Certificate AP deployment location.Figure 2. Uploading the metadata of the Certificate AP to the SAML method in Ubilogin SSO
- Enable the method
Set Certificate AP to Trust Ubisecure SSO
The metadata of Ubisecure SSO must be downloaded to the Certificate AP in order to create a trust relationship.
Download the Ubisecure SSO metadata by pressing [Download Metadata] link:
Figure 3. Downloading the metadata of Ubisecure SSO - Place the metadata in
CERTAP_HOME\webapps\certap\WEB-INF\uap\metadata\metadata.xml
Restart Certificate AP
Listing 1. Restarting the Certificate AP on Windowscd /d "C:\Program Files\Ubisecure\certap\certap" config\tomcat\update.cmd
Listing 2. Restarting the Certificate AP on Linux/etc/init.d/certap-server stop cd /usr/local/ubisecure/certap/certap/config/tomcat/ ./update.sh /etc/init.d/certap-server start
Now you can log in to an application by using the Certificate AP method. See Ubisecure SSO Management pages for instructions on how to attach an authentication method to a web application and create a group for users of certificates.