Tested with CustomerID 5.3.5

During the initial testing of Ubisecure CustomerID, it is often needed to change a working system’s hostname. It can be done quite simply as described below.

Note: host name changes should never be done on a production system after it has gone live.

If the hostname of a Ubisecure CustomerID installation needs to be changed, it can be done following the steps below:

Step-by-step guide

On Windows:

Stop Ubisecure CustomerID
```
net stop wildfly
```

Edit win32.config, example (login.smartplan.com -> login.newplan.com)

cd "C:\Program Files\Ubisecure\customerid\application"
copy win32.config win32.config-old
notepad win32.config

Example:


# Ubisecure SSO URL (from Ubisecure SSO win32.config)
uas.url=https\://login.newplan.com\:8445

# Ubisecure SSO installation path
ubilogin.home=C\:\\Program Files\\Ubisecure\\ubilogin-sso\\ubilogin

# The public visible URL address of Ubisecure CustomerID without path
eidm.url=https\://login.newplan.com\:7445

# The local listen address of Ubisecure CustomerID if reverse proxy server is used
proxy.local.url=@eidm.url@

...

#ldap.suffix=cn\=Ubilogin,@uas.url.host.dn@
ldap.suffix=cn\=Ubilogin,dc=login,dc=smartplan,dc=com

Run setup

cd "C:\Program Files\Ubisecure\customerid\application"
setup.cmd
C:\Program Files\Ubisecure\customerid\application\config\settings.cmd
C:\Program Files\Ubisecure\customerid\application\custom\eidm2_generated.properties
C:\Program Files\Ubisecure\customerid\application\custom\jndi.properties
C:\Program Files\Ubisecure\customerid\application\ldap\customerid-adlds.ldif
C:\Program Files\Ubisecure\customerid\application\ldap\customerid-secrets.ldif
C:\Program Files\Ubisecure\customerid\application\ldap\customerid.ldif

Edit widfly config

cd "C:\Program Files\wildfly-14.0.1.Final\standalone\configuration"
notepad standalone.xml

Example:


 <host name="default-host" alias="localhost,login.newplan.com,login.newplan.com">
 <location name="/" handler="welcome-content"/>
 <http-invoker security-realm="ApplicationRealm"/>
 </host>
 
 <socket-binding name="https" port="7445"/>

Certificate related changes
a.  If a self-signed TLS certificate is used, create a new self-signed certificate, add it to Java trusted certificate store

C:\Program Files\Ubisecure\customerid\tools>"%JRE_HOME%\bin\keytool" -delete -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias wildfly-trusted

C:\Program Files\Ubisecure\customerid\tools>del "C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx"

C:\Program Files\Ubisecure\customerid\tools>cert.cmd
Creating login.newplan.com keystore C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx

You may choose to import the self-signed certificate to JRE's cacerts truststore.
(C:\Program Files\Java\jdk1.8.0_144\jre\lib\security\cacerts)
Importing the certificate will make Java trust this certificate as a certificate authority
and accept every server connection which certificate has been signed with it.

Do you want to import the self-signed server certificate to your cacerts truststore?
[Y]es / [N]o: y
Exporting certificate with alias wildfly from "C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx" to "C:\Users\ADMINI~1\AppData\Local\Temp\2\exported.cer"
Certificate stored in file <C:\Users\ADMINI~1\AppData\Local\Temp\2\exported.cer>
Importing certificate file with alias wildfly-trusted to C:\Program Files\Java\jdk1.8.0_144\jre\lib\security\cacerts
Owner: CN=login.newplan.com
Issuer: CN=login.newplan.com
Serial number: 3ca66f8149c1d20
Valid from: Sun Sep 02 00:00:00 UTC 2018 until: Sun Sep 02 00:00:00 UTC 2029
Certificate fingerprints:
     MD5: 65:F4:6A:D0:7C:DD:9D:6B:48:7E:42:57:93:92:E9:18
     SHA1: 33:25:6C:15:B9:CD:7F:2C:4F:E6:49:5A:84:F6:CD:83:6C:AE:FC:22
     SHA256: 9F:71:A0:6F:74:5B:46:44:3B:1B:56:A1:2C:58:82:3B:91:20:1D:4E:86:26:99:35:E5:01:83:DE:EC:BE:AA:AC
     Signature algorithm name: SHA256withRSA
     Version: 3
Trust this certificate? [no]: y
Certificate was added to keystore

b. If you have a CA signed certificate:

Edit standalone.xml, example:

 <ssl>
 <keystore path="C:\\Program Files\\wildfly-13.0.0.Final\\standalone\\configuration\\ubidemo.pfx" keystore-password="nmhxx29ZPvfb3fwxJP67" alias="te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8"/>
 </ssl>

If you use the same cert than with SSO, it was added to cacerts already. Otherwise, add it to cacerts, see SSO instructions above.

Create new SAML2 identity files

cd "C:\Program Files\Ubisecure\customerid\application\custom"
rename saml2 saml2-old
mkdir saml2


cd "\Program Files\Ubisecure\customerid\tools"
init-eidm-sp.cmd
init-eidm-ap.cmd

Optionally download SSO metadata (This must be done if SSO external address has been changed)

cd "C:\Program Files\Ubisecure\customerid\tools"
get-metadata.cmd
A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata already exists.
A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata already exists.
 % Total % Received % Xferd Average Speed Time Time Time Current
                    Dload Upload Total Spent Left Speed
100 5200 0 5200 0 0 14444 0 --:--:-- --:--:-- --:--:-- 14444
 % Total % Received % Xferd Average Speed Time Time Time Current
                    Dload Upload Total Spent Left Speed
100 5200 0 5200 0 0 30232 0 --:--:-- --:--:-- --:--:-- 30232

cd "C:\Program Files\Ubisecure\customerid\tools"
get-metadata-for-ap.cmd
A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata already exists.
 % Total % Received % Xferd Average Speed Time Time Time Current
                    Dload Upload Total Spent Left Speed
100 2736 0 2736 0 0 13477 0 --:--:-- --:--:-- --:--:-- 13477


Verify by opening the metadata files with a text editor
- In case of errors the files may contain an html error page instead of valid metadata
C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata\metadata.xml
C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata\metadata.xml
C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata\metadata.xml

Start Widlfy, verify logs

Upload the new SAML identities to Ubisecure configuration directory

If you have changed rest.username and/or rest.password in eidm2.properties, temporatily comment them out and restart wildfly

cd "C:\Program Files\Ubisecure\customerid\tools"
init-customerid-data-storages.cmd
<init><initializeDatabase/></init>

cd "C:\Program Files\Ubisecure\customerid\tools"
update-ap-metadata.cmd
<init><updateSamlApMetadata/></init>

Restart Widlfy, verify logs

Modify properties files

- eidm2.properties
- messages.properties
- messages_xx.properties
- mailmessages.properties
- mailmessages_xx.properties
- protection.properties

Restart Wildfly, verify logs, verify functionality

Note

All OIDC and SAML integrations need a new metadata / configuration if the host name was changed

Related articles

Browser not supported