Upgrade requirements - CustomerID
General Requirements
- Access to the configuration files of Ubisecure SSO.
- Access to Ubisecure SSO Management.
JDBC access from Ubisecure SSO server and Ubisecure CustomerID server to a PostgreSQL Database
NOTE: We do not recommend running PostgreSQL on the same physical server as CustomerID. While there should be no functional problems, they both still reserve CPU, memory and I/O, thus having a slightly unfavorable effect on each other's performance.
- Ubisecure Directory must be accessible using LDAP protocol from the Ubisecure CustomerID server.
- Java must be preinstalled on the server (including Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).
- We have tested Ubisecure CustomerID with Oracle Java 8 update 181 64 bit Server JRE version.
- If you want to use a newer Java version check with our support if we have already tested Ubisecure CustomerID with it.
- You can find the download site in the address: http://www.oracle.com/technetwork/java/javase/downloads/index.html
- Refer to Oracle online documentation for installing the Server JRE: https://docs.oracle.com/javase/8/docs/technotes/guides/install/linux_server_jre.html
- Instructions to install JCE Policy Files are included in the download package. Starting from Java 8 update 162 the unlimited policy is enabled by default.
Installation needs to be performed as root/Administrator.
NOTE: Run all installation commands using Administrative command prompt. Administrative rights are required in order to install the required system services. This can be achieved by opening the Windows Command prompt using "Run as Administrator" mode.
Installation Packages
Required installation packages can be fetched from Ubisecure Extranet.
Windows
- customerid-X.X.X-windows.zip Ubisecure CustomerID distribution package for Windows.
Linux
- customerid-X.X.X-linux.tar.gz Ubisecure CustomerID distribution package for Linux.
Network Requirements
For production installations you must have a load balancer or proxy in front of Ubisecure SSO and CustomerID with the following configuration.
Requests to URLs, /eidm2/* (user interface) and /customerid-rest/* (REST API calls), must be routed to port 7443 on node 1.
To prevent CSRF attacks on Wicket components Ubisecure has added functionality which is checking the Origin
and Referer
HTTP headers for cross domain requests.
When the Origin
or Referer
HTTP header is present a proxy need to be configured so that it matches the requested URL otherwise a HTTP error ( 400 BAD REQUEST
) will be thrown. From the following link you can find information what is needed to configure the proxy: https://ci.apache.org/projects/wicket/apidocs/6.x/org/apache/wicket/protocol/http/CsrfPreventionRequestCycleListener.html
You may also use the general.accepted.origin.whitelist property in Ubisecure CustomerID to list trusted domains. See more from General properties - CustomerID.
NOTE: DO NOT start the production installation until this is done.
Product | Publicly facing URL | Source Port | Destination Port |
---|---|---|---|
Ubisecure SSO |
| 443 | 8443 |
Ubisecure CustomerID |
| 443 | 7443 |
Ubisecure CustomerID uses Ubisecure SSO Discovery API and therefore must have access to it. See Discovery API - SSO.