It is also possible to install the plugin via the terminal. Please make sure you have read and understood the notes on the plugin installer which explain the correct process for installation on either Standard / WID or SQL setups.
When the installer is run on a main primary server, the client ID and client
secret for your app need to be passed, plus a session secret (see
the session secret rules). Note that, in order to support
special characters (^ < > | & /), the values entered must be escaped with ""
double-quotes. Also note that Session Secret supports international
characters such as cyrillic, e.g. /SESSION_SECRET="Здравей*_1234"
.
In any command, /S runs the installer silently. Note that, as mentioned above, ADFS is restarted several times in the process of installation.
# Standard / WID Setup
The following example is for installation on the primary server:
start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S /CLIENT_ID=%YOUR_CLIENT_ID% /CLIENT_SECRET=%YOUR_CLIENT_SECRET% /SESSION_SECRET=%YOUR_SESSION_SECRET% /THEME_NAME="miracl"
The following example is for installation on a secondary server:
start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S
It is important that the installation commands are prefixed with
start "" /WAIT
as this ensures the correct ERRORLEVEL is returned (0
indicating success and non-0 indicating failure).
# SQL Setup (Multiple Primary Servers)
As per the standard setup, the following example is for installation on the primary server:
start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S /CLIENT_ID=%YOUR_CLIENT_ID% /CLIENT_SECRET=%YOUR_CLIENT_SECRET% /SESSION_SECRET=%YOUR_SESSION_SECRET% /THEME_NAME="miracl"
And for installation on subsequent primary servers, /DEPLOY_CONFIG should be set to 0:
start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S /DEPLOY_CONFIG=0
Note that /DEPLOY_CONFIG=0
ensures that you are not asked to enter config
details (Client ID, Client Secret etc.) again. It is necessary to set this on
subsequent primary servers.
It is important that the installation commands are prefixed with
start "" /WAIT
as this ensures the correct ERRORLEVEL is returned (0
indicating success and non-0 indicating failure).
# Notes on Using Installation Scripts
When using windows batch files, commands block until completion.
However, a key point to note is that, when scripting without windows batch
files, the commands won’t block until completion. In order to block it is
necessary to prefix the commands with start "" /WAIT
. For example:
start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S
Using start "" /WAIT
in these scenarios ensures that the correct ERRORLEVEL is
returned. Without this there are misleading error messages - it only indicates
that commands are running without giving a 0 or non-0 on completion.
echo %ERRORLEVEL%
can also be used to check whether installation completed
correctly, with 0 indicating success and non-0 indicating failure.
# Parameter Reference
The following is a full list of the available parameters for terminal installation:
Parameter | Default value | Notes |
---|---|---|
/CLIENT_ID= | ||
/CLIENT_SECRET= | ||
/SESSION_SECRET= | ||
/SERVER_BASE_ADDRESS= | https://api/mpin.io | Combines with the Discovery Path to give the url (https://api.mpin.io/.well-known/openid-configuration) which returns the OIDC parameters which are used by the service. This should be left as is and changed by Advanced users only. |
/NETWORK_TIMEOUT= | 10 | |
/IS_DEBUG= | 0 | Set as 1 or 0 - Debugging mode should only be enabled for test purposes and should never be enabled in production. For debugging in production, the Windows server event log gives stack trace and other information. |
/IS_UNKNOWN_STATE_ALLOWED= | 0 | Set as 1 or 0 - Unknown state should be allowed when custom user verification is used. We suggest to disable it otherwise. |
/DEPLOY_CONFIG= | 1 on a primary server or 0 on a secondary | Set as 1 or 0 (Please see above notes on the plugin installer for details on how to use this parameter). |
/THEME_NAME= | Set the ADFS web theme name for the newly-configured MIRACL ADFS plugin (see notes above). | |
/S | Run installer silently. | |
/D | Sets the default installation directory ($INSTDIR), overriding InstallDir and InstallDirRegKey. It must be the last parameter used in the command line and must not contain any quotes, even if the path contains spaces. Only absolute paths are supported. For example: /D=C:\Program Files\MIRACLADFS . |
|
/NCRC | Disables the CRC check (an error-checking mechanism, similar to a checksum, that enables an application to determine whether the information in a file has been modified). |