Application identity generation and IDP metadata download on Windows - CustomerID

This chapter describes how to download Identity Provider metadata from Ubisecure SSO and generate Service Provider metadata.

SSO must be running when you download the IDP metadata and initialize the application identity.


To download Identity Provider metadata and generate Service Provider metadata:

  1. Download IDP metadata by running the following commands:

    cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
    get-metadata.cmd

    This command will show download statistics if successful.

    Starting from CustomerID 5.9.0, the IDP metadata is automatically updated from the IDP metadata endpoint once every 60 seconds. The file metadata.xml serves as the initial metadata: it is used only if the metadata endpoint cannot be accessed when the application tries to read the metadata for the first time after boot. After the metadata has been successfully updated from the metadata endpoint, the initial metadata is no longer used for anything. Keeping metadata.xml up to date is still recommended, especially when the signing and/or encryption keys change, but it is not required.

  2. Initialize Ubisecure CustomerID SPs by running the following commands: 

    cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
    init-eidm-sp.cmd

    This command will not display any output if successful.

  3. Initialize the authentication provider by running the following commands:

    cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
    init-eidm-ap.cmd

    This command will not display any output if successful.
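
The note in step 1 recommends keeping metadata.xml current when the signing or encryption keys change. The following PowerShell sketch is an added example, not part of the CustomerID tools: it lists the SHA-256 fingerprints of the keys in an IDP metadata document and reports keys that a second copy has but the first lacks. It assumes the file is standard SAML 2.0 metadata; the function names are hypothetical, and the two sample documents are constructed, with placeholder bytes in place of real certificates.

```powershell
# Added example, not Ubisecure code. Function names are hypothetical.
function Get-MetadataKeyFingerprint {
    param([Parameter(Mandatory)][xml]$Metadata)
    # Assumption: standard SAML 2.0 metadata and XML-DSig namespaces.
    $ns = @{ md = 'urn:oasis:names:tc:SAML:2.0:metadata'
             ds = 'http://www.w3.org/2000/09/xmldsig#' }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($kd in (Select-Xml -Xml $Metadata -Namespace $ns -XPath '//md:IDPSSODescriptor/md:KeyDescriptor')) {
            # No "use" attribute means the key serves both signing and encryption.
            $use = $kd.Node.GetAttribute('use')
            if (-not $use) { $use = 'signing+encryption' }
            foreach ($c in (Select-Xml -Xml $kd.Node -Namespace $ns -XPath './/ds:X509Certificate')) {
                # SHA-256 over the decoded (DER) bytes is the certificate fingerprint.
                $der = [Convert]::FromBase64String(($c.Node.InnerText -replace '\s', ''))
                $hex = -join ($sha.ComputeHash($der) | ForEach-Object { $_.ToString('x2') })
                "${use}:$hex"
            }
        }
    } finally { $sha.Dispose() }
}

function Compare-MetadataKey {
    param([Parameter(Mandatory)][xml]$OnDisk, [Parameter(Mandatory)][xml]$FromEndpoint)
    $old = @(Get-MetadataKeyFingerprint -Metadata $OnDisk)
    $new = @(Get-MetadataKeyFingerprint -Metadata $FromEndpoint)
    [pscustomobject]@{
        MissingFromDisk = @($new | Where-Object { $_ -notin $old })  # keys the file lacks
        OnlyOnDisk      = @($old | Where-Object { $_ -notin $new })  # keys no longer published
    }
}

# Constructed sample input: {0} is filled with base64 of placeholder bytes, not a real certificate.
$template = @'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{0}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
'@
$b64 = { param($s) [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($s)) }
$onDisk       = [xml]($template -f (& $b64 'constructed-old-signing-key'))
$fromEndpoint = [xml]($template -f (& $b64 'constructed-new-signing-key'))

$diff = Compare-MetadataKey -OnDisk $onDisk -FromEndpoint $fromEndpoint
if ($diff.MissingFromDisk) { Write-Warning "metadata.xml lacks: $($diff.MissingFromDisk -join ', ')" }
```

To check a real installation, replace the two constructed documents with `[xml](Get-Content -Raw <path>)` for the local metadata.xml and for a freshly downloaded copy.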