Ubisecure CustomerID uses the same Ubisecure Directory as Ubisecure SSO. For this reason, Ubisecure CustomerID needs some of the configuration details from the Ubisecure SSO setup. This chapter describes how this information can be added to the Ubisecure CustomerID configuration.

The other properties can be adjusted according to the needs of the specific installation environment.

Create a copy of the Ubisecure CustomerID configuration template:

cd /D "%PROGRAMFILES%\Ubisecure\customerid\application"
copy config\win32.config

Copy entries from Ubisecure SSO configuration file to Ubisecure CustomerID configuration file:

Open the Ubisecure CustomerID win32.config file for editing:

notepad %PROGRAMFILES%\Ubisecure\customerid\application\win32.config

Open the Ubisecure SSO win32.config file:

notepad %PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\win32.config

Copy the following values from Ubisecure SSO win32.config file to the Ubisecure CustomerID win32.config file:

From: Ubisecure SSO
To: UbisecureCustomerID
master.secret
master.secret
uas.url
uas.url
ldap.url
ldap.url
suffix
ldap.suffix

Check that there are no unintentional characters at the end of uas.url value. In fact, always check that there are no extra spaces at ends of any of the lines!
You can now close the Ubisecure SSO win32.config file

From: Ubisecure SSO	To: UbisecureCustomerID
master.secret	master.secret
uas.url	uas.url
ldap.url	ldap.url
suffix	ldap.suffix

Rest of the fields in the Ubisecure CustomerID win32.config file can be defined independently from Ubisecure SSO.

Edit win32.config

Field Name	Field Description
uas.entityId	SAML identity provider entityID when SSO is acting as the identity provider. The default value `uas.entityId = @uas.url@/uas` does not normally need to be modified.
uas.saml2.metadata.url	SAML identity provider metadata download URL when SSO is acting as the identity provider. The default value `uas.saml2.metadata.url=@uas.url@/uas/saml2/metadata.xml` does not normally need to be modified.
uas.saml2.saml.ap.custid.metadata.url	SAML service provider metadata download URL for saml.ap.custid authentication method in SSO. The default value `uas.saml2.saml.ap.custid.metadata.url=@uas.url@/uas/saml2/names/ac/saml.ap.custid/metadata.xml` does not normally need to be modified.
ubilogin.home	This is the path to the location where Ubisecure SSO has been installed. Backslashes must be escaped with a backslash. ubilogin.home=C:\\Program Files\\Ubisecure\\ubilogin-sso\\ubilogin
eidm.url	This is the publicly visible URL address of your Ubisecure CustomerID installation. The value must not include a path component and must not end with a '/' character. This address must be accessible for all users of this installation. In an installation with front-end reverse proxy servers this address refers to the first front-end server that is accessible from the public network. In production systems, no port number should be used. `eidm.url=https://cid.example.com`
proxy.local.url (if proxy is used)	In case there is a reverse proxy server acting in front of the Ubisecure CustomerID, proxy.local.url specifies the URL that will be used by the reverse proxy when accessing the Ubisecure CustomerID. In example below, you must configure proxy to listen to eidm.url and forward requests to port 7443 on host1.local `proxy.local.url=https://host1.local:7443`
rest.oauth2.client.uuid	OAuth 2.0 client ID of CustomerID API application CustomerID uses internally to validate OAuth2 access token for REST API and needs to be known by the integrator, see Configuring OAuth2 authentication for REST API. You may leave it empty and one will be generated for you and preserved in future upgrades. Tip OAuth2 authentication can be disabled after initial CustomerID setup by clearing either `rest.oauth2.client.uuid` or `rest.oauth2.client.secret` or both and running setup again.
rest.oauth2.client.secret	OAuth 2.0 client secret of CustomerID API application for REST API OAuth2 authentication CustomerID uses internally to validate OAuth2 access token for REST API but not needed by the integrator. Leave it empty and one will be generated for you and preserved in future upgrades.
rest.oauth2.introspection.url	The SSO introspection URL that OAuth 2.0 client uses to validate OAuth2 access token for REST API. Default value `rest.oauth2.introspection.url = @uas.url@/uas/oauth2/introspection` This means that by default public address of SSO is accessed as `uas.url` contains the public address. You might want to specify the internal address of the SSO or the internal address of a single node in a SSO cluster instead. This configuration supports only one address. If you need load balancing for multiple internal SSO addresses then you need to configure a load balancing proxy for them and use that address. Example: rest.oauth2.introspection.url = https://node1.sso.example.com:8443/uas/oauth2/introspection
rest.username	The username used with REST calls, obsolete in case of OAuth2 based authentication.
rest.password	The password used with REST calls, obsolete in case of OAuth2 based authentication.
ldap.principal	The object in LDAP that is used as login object for LDAP connections from Ubisecure CustomerID.
ldap.password	The password used when connecting to LDAP from Ubisecure CustomerID.
database.host	Defines the host where PostgreSQL is installed. This can be an IP address or DNS host name.
database.port	Defines the public TCP port of the PostgreSQL server. Default is 5432.
database.name	Defines the name of the database that Ubisecure CustomerID should use from the PostgreSQL server.
database.user	Defines a user name that Ubisecure CustomerID should use to connect to PostgreSQL.
database.password	Defines the connection password for the Ubisecure CustomerID database user.
wildfly.home	Defines the folder where WildFly is installed.
wildfly.http.port	Defines the TCP port where WildFly listens for unencrypted HTTP connections.
wildfly.https.port	Defines the TCP port where WildFly listens for encrypted HTTP connections.
wildfly.ip_addr.master	Internal IP address or hostname of CustomerID master node (disregard if standalone).
wildfly.ip_addr.slave	Internal IP address or hostname of CustomerID slave node (disregard if standalone).
database.driver.path	Defines the path where scripts can find the PostgreSQL JDBC driver. (If you have followed instructions to the letter, this must be defined to point to %USERPROFILE%\Desktop\customerid.) Note, that in the configuration file, all paths must be escaped by duplicating each "\"-separator, so the actual path %USERPROFILE%\Desktop\customerid would have to be defined as %USERPROFILE\\Desktop customerid.
database.driver.file	Defines the file name of the actual JDBC database driver library.
keystore.alias	Defines a custom alias for the server's SSL key pair in the certificate key store.
keystore.password	Defines a password for the key store.
mail.host	The DNS name or IP address of the mail server.
mail.port	The TCP port of the mail server. Usually 25 for unencrypted SMTP, 465 for encrypted SMTP.
mail.username	The user account name used to log on to the mail server. This is an optional property.
mail.password	The password of the user account name used to log on to the mail server. This is configured only in conjunction with mail.username. Note: if your password contains character "(" you need to escape it with "\\". Example your mail server password is "abTE(kjd12" you need to set mail.password = abTE\\(kjd12
mail.from	The email address to insert in the from field of the email messages. Note: You need to escape the "@" character with another "@" character. Example: john.doe@@example.com
mail.ssl	Define if SSL should be used when contacting the mail server. Value is either true or empty.

To run Ubisecure CustomerID setup script:
Take the setup configurations in use by issuing the following commands:

cd /D "%PROGRAMFILES%\Ubisecure\customerid\application\"
setup.cmd

Browser not supported