/
Installation and (upgrade) requirements - CustomerID

Installation and (upgrade) requirements - CustomerID

2021-01-19

General Requirements

  • Access to the configuration files of Ubisecure SSO.

  • Access to Ubisecure SSO Management.

  • JDBC access from Ubisecure SSO server and Ubisecure CustomerID server to a PostgreSQL Database

  • Ubisecure Directory must be accessible using LDAP protocol from the Ubisecure CustomerID server.

  • Java must be preinstalled on the server (including Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).

    • Review the System Recommendations and Supported Platforms page to get information about which Java 8 version we currently support. Download one of the supported versions and follow their installation documentation.

    • If you want to use a newer Java version check with our support if we have already tested Ubisecure CustomerID with it.

  • Installation needs to be performed as root/Administrator. 

Installation Packages

Required installation packages can be fetched from Ubisecure Extranet.

Windows

  • customerid-X.X.X-windows.zip Ubisecure CustomerID distribution package for Windows.

Linux

  • customerid-X.X.X-linux.tar.gz Ubisecure CustomerID distribution package for Linux.

Network Requirements

For production installations you must have a load balancer or proxy in front of Ubisecure SSO and CustomerID with the following configuration.
Requests to URLs, /eidm2/* (user interface) and /customerid-rest/* (REST API calls), must be routed to port 7443 on node 1.

To prevent CSRF attacks on Wicket components Ubisecure has added functionality which is checking the  Origin  and  Referer  HTTP headers for cross domain requests.

When the  Origin  or  Referer  HTTP header is present a proxy need to be configured so that it matches the requested URL otherwise a HTTP error (  400 BAD REQUEST ) will be thrown. From the following link you can find information what is needed to configure the proxy: https://ci.apache.org/projects/wicket/apidocs/6.x/org/apache/wicket/protocol/http/CsrfPreventionRequestCycleListener.html

You may also use the general.accepted.origin.whitelist property in Ubisecure CustomerID to list trusted domains. See more from General properties - CustomerID.

NOTE: DO NOT start the production installation until this is done.



Product

Base URL

Source Port

Destination Port

Notes

Ubisecure SSO

https://login.example.com/uas

443

8443

Refer to Ubisecure SSO installation for full list of endpoints.

Ubisecure CustomerID

https://account.example.com/eidm2

443

7443

Ubisecure CustomerID UI for end users, including Admin UI, Self-Service UI, Registration flows and related resources.

Ubisecure CustomerID

https://api.example.com/eidm2/services

https://api.example.com/customerid-rest

443

7443

Ubisecure CustomerID REST APIs. Typically limited for internal use only.

Ubisecure CustomerID

https://manage.example.com/customerid-health

443

7443

Ubisecure CustomerID Health REST API. Typically limited for internal use only.

Ubisecure CustomerID uses Ubisecure SSO Discovery API and therefore must have access to it. See Discovery API - SSO.

Ubisecure Privacy Policy & Cookie Statement