Page tree
Skip to end of metadata
Go to start of metadata

During the initial testing of Ubisecure CustomerID, it is often needed to change a working system’s hostname. It can be done quite simply as described below.

Note: host name changes should never be done on a production system after it has gone live.

If the hostname of a Ubisecure CustomerID installation needs to be changed, it can be done following the steps below:

Step-by-step guide

On Windows:

  1. Stop Ubisecure CustomerID

    net stop wildfly
  2. Edit win32.config, example (login.smartplan.com -> login.newplan.com)

    cd "C:\Program Files\Ubisecure\customerid\application"
    copy win32.config win32.config-old
    notepad win32.config

    Example:

    # Ubisecure SSO URL (from Ubisecure SSO win32.config)
    uas.url=https\://login.newplan.com\:8445

    # Ubisecure SSO installation path
    ubilogin.home=C\:\\Program Files\\Ubisecure\\ubilogin-sso\\ubilogin

    # The public visible URL address of Ubisecure CustomerID without path
    eidm.url=https\://login.newplan.com\:7445

    # The local listen address of Ubisecure CustomerID if reverse proxy server is used
    proxy.local.url=@eidm.url@

    ...

    #ldap.suffix=cn\=Ubilogin,@uas.url.host.dn@
    ldap.suffix=cn\=Ubilogin,dc=login,dc=smartplan,dc=com
  3. Run setup

    cd "C:\Program Files\Ubisecure\customerid\application"
    setup.cmd
    C:\Program Files\Ubisecure\customerid\application\config\settings.cmd
    C:\Program Files\Ubisecure\customerid\application\custom\eidm2_generated.properties
    C:\Program Files\Ubisecure\customerid\application\custom\jndi.properties
    C:\Program Files\Ubisecure\customerid\application\ldap\customerid-adlds.ldif
    C:\Program Files\Ubisecure\customerid\application\ldap\customerid-secrets.ldif
    C:\Program Files\Ubisecure\customerid\application\ldap\customerid.ldif
  4. Edit widfly config
    cd "C:\Program Files\wildfly-14.0.1.Final\standalone\configuration"
    notepad standalone.xml

    Example:

    <host name="default-host" alias="localhost,login.newplan.com,login.newplan.com">
    <location name="/" handler="welcome-content"/>
    <http-invoker security-realm="ApplicationRealm"/>
    </host>

    <socket-binding name="https" port="7445"/>
  5. Certificate related changes
    a.  If a self-signed TLS certificate is used, create a new self-signed certificate, add it to Java trusted certificate store
    C:\Program Files\Ubisecure\customerid\tools>"%JRE_HOME%\bin\keytool" -delete -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias wildfly-trusted

    C:\Program Files\Ubisecure\customerid\tools>del "C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx"

    C:\Program Files\Ubisecure\customerid\tools>cert.cmd
    Creating login.newplan.com keystore C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx

    You may choose to import the self-signed certificate to JRE's cacerts truststore.
    (C:\Program Files\Java\jdk1.8.0_144\jre\lib\security\cacerts)
    Importing the certificate will make Java trust this certificate as a certificate authority
    and accept every server connection which certificate has been signed with it.

    Do you want to import the self-signed server certificate to your cacerts truststore?
    [Y]es / [N]o: y
    Exporting certificate with alias wildfly from "C:\Program Files\wildfly-13.0.0.Final\standalone\configuration\keystore.pfx" to "C:\Users\ADMINI~1\AppData\Local\Temp\2\exported.cer"
    Certificate stored in file <C:\Users\ADMINI~1\AppData\Local\Temp\2\exported.cer>
    Importing certificate file with alias wildfly-trusted to C:\Program Files\Java\jdk1.8.0_144\jre\lib\security\cacerts
    Owner: CN=login.newplan.com
    Issuer: CN=login.newplan.com
    Serial number: 3ca66f8149c1d20
    Valid from: Sun Sep 02 00:00:00 UTC 2018 until: Sun Sep 02 00:00:00 UTC 2029
    Certificate fingerprints:
    MD5: 65:F4:6A:D0:7C:DD:9D:6B:48:7E:42:57:93:92:E9:18
    SHA1: 33:25:6C:15:B9:CD:7F:2C:4F:E6:49:5A:84:F6:CD:83:6C:AE:FC:22
    SHA256: 9F:71:A0:6F:74:5B:46:44:3B:1B:56:A1:2C:58:82:3B:91:20:1D:4E:86:26:99:35:E5:01:83:DE:EC:BE:AA:AC
    Signature algorithm name: SHA256withRSA
    Version: 3
    Trust this certificate? [no]: y
    Certificate was added to keystore

    b. If you have a CA signed certificate:

    Edit standalone.xml, example:
     <ssl>
    <keystore path="C:\\Program Files\\wildfly-13.0.0.Final\\standalone\\configuration\\ubidemo.pfx" keystore-password="nmhxx29ZPvfb3fwxJP67" alias="te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8"/>
    </ssl>

    If you use the same cert than with SSO, it was added to cacerts already. Otherwise, add it to cacerts, see SSO instructions above.

  6. Create new SAML2 identity files

    cd "C:\Program Files\Ubisecure\customerid\application\custom"
    rename saml2 saml2-old
    mkdir saml2

    cd "\Program Files\Ubisecure\customerid\tools"
    init-eidm-sp.cmd
    init-eidm-ap.cmd
  7. Optionally download SSO metadata (This must be done if SSO external address has been changed)

    cd "C:\Program Files\Ubisecure\customerid\tools"
    get-metadata.cmd
    A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata already exists.
    A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata already exists.
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    100 5200 0 5200 0 0 14444 0 --:--:-- --:--:-- --:--:-- 14444
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    100 5200 0 5200 0 0 30232 0 --:--:-- --:--:-- --:--:-- 30232

    cd "C:\Program Files\Ubisecure\customerid\tools"
    get-metadata-for-ap.cmd
    A subdirectory or file C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata already exists.
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    100 2736 0 2736 0 0 13477 0 --:--:-- --:--:-- --:--:-- 13477

    Verify by opening the metadata files with a text editor
    - In case of errors the files may contain an html error page instead of valid metadata
    C:\Program Files\Ubisecure\customerid\application\custom\saml2\sp\metadata\metadata.xml
    C:\Program Files\Ubisecure\customerid\application\custom\saml2\workflowsp\metadata\metadata.xml
    C:\Program Files\Ubisecure\customerid\application\custom\saml2\ap\metadata\metadata.xml
  8. Start Widlfy, verify logs

  9. Upload the new SAML identities to Ubisecure configuration directory

    If you have changed rest.username and/or rest.password in eidm2.properties, temporatily comment them out and restart wildfly

    cd "C:\Program Files\Ubisecure\customerid\tools"
    init-customerid-data-storages.cmd
    <init><initializeDatabase/></init>

    cd "C:\Program Files\Ubisecure\customerid\tools"
    update-ap-metadata.cmd
    <init><updateSamlApMetadata/></init>
  10. Restart Widlfy, verify logs

  11. Modify properties files

    - eidm2.properties
    - messages.properties
    - messages_xx.properties
    - mailmessages.properties
    - mailmessages_xx.properties
    - protection.properties
  12. Restart Wildfly, verify logs, verify functionality

    Note

    All OIDC and SAML integrations need a new metadata / configuration if the host name was changed