Installation and (upgrade) requirements - CustomerID
JDBC access from Ubisecure SSO server and Ubisecure CustomerID server to a PostgreSQL Database NOTE: We do not recommend running PostgreSQL on the same physical server as CustomerID. While there should be no functional problems, they both still reserve CPU, memory and I/O, thus having a slightly unfavorable effect on each other's performance. Installation needs to be performed as root/Administrator. NOTE: Run all installation commands using Administrative command prompt. Administrative rights are required in order to install the required system services. This can be achieved by opening the Windows Command prompt using "Run as Administrator" mode. Required installation packages can be fetched from Ubisecure Extranet. For production installations you must have a load balancer or proxy in front of Ubisecure SSO and CustomerID with the following configuration. To prevent CSRF attacks on Wicket components Ubisecure has added functionality which is checking the When the You may also use the general.accepted.origin.whitelist property in Ubisecure CustomerID to list trusted domains. See more from General properties - CustomerID. NOTE: DO NOT start the production installation until this is done. Product Base URL Source Port Destination Port Ubisecure SSO 443 8443 Ubisecure CustomerID 443 7443 Ubisecure CustomerID uses Ubisecure SSO Discovery API and therefore must have access to it. See Discovery API - SSO.General Requirements
Installation Packages
Windows
Linux
Network Requirements
Requests to URLs, /eidm2/* (user interface) and /customerid-rest/* (REST API calls), must be routed to port 7443 on node 1.Origin
and Referer
HTTP headers for cross domain requests. Origin
or Referer
HTTP header is present a proxy need to be configured so that it matches the requested URL otherwise a HTTP error ( 400 BAD REQUEST
) will be thrown. From the following link you can find information what is needed to configure the proxy: https://ci.apache.org/projects/wicket/apidocs/6.x/org/apache/wicket/protocol/http/CsrfPreventionRequestCycleListener.htmlNotes https://login.example.com/uas
Refer to Ubisecure SSO installation for full list of endpoints. https://account.example.com/eidm2
Ubisecure CustomerID UI for end users, including Admin UI, Self-Service UI, Registration flows and related resources. Ubisecure CustomerID https://api.example.com/eidm2/services
https://api.example.com/customerid-rest
443 7443 Ubisecure CustomerID REST APIs. Typically limited for internal use only. Ubisecure CustomerID https://manage.example.com/customerid-health
443 7443 Ubisecure CustomerID Health REST API. Typically limited for internal use only.