Terminal Installation

It is also possible to install the plugin via the terminal. Please make sure you have read and understood the notes on the plugin installer which explain the correct process for installation on either Standard / WID or SQL setups.

When the installer is run on a main primary server, the client ID and client secret for your app need to be passed, plus a session secret (see the session secret rules). Note that, in order to support special characters (^ < > | & /), the values entered must be escaped with "" double-quotes. Also note that Session Secret supports international characters such as cyrillic, e.g. /SESSION_SECRET="Здравей*_1234".

In any command, /S runs the installer silently. Note that, as mentioned above, ADFS is restarted several times in the process of installation.

# Standard / WID Setup

The following example is for installation on the primary server:

start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S /CLIENT_ID=%YOUR_CLIENT_ID% /CLIENT_SECRET=%YOUR_CLIENT_SECRET% /SESSION_SECRET=%YOUR_SESSION_SECRET% /THEME_NAME="miracl"

The following example is for installation on a secondary server:

start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S

It is important that the installation commands are prefixed with start "" /WAIT as this ensures the correct ERRORLEVEL is returned (0 indicating success and non-0 indicating failure).

# SQL Setup (Multiple Primary Servers)

As per the standard setup, the following example is for installation on the primary server:

start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S /CLIENT_ID=%YOUR_CLIENT_ID% /CLIENT_SECRET=%YOUR_CLIENT_SECRET% /SESSION_SECRET=%YOUR_SESSION_SECRET% /THEME_NAME="miracl"

And for installation on subsequent primary servers, /DEPLOY_CONFIG should be set to 0:

start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S /DEPLOY_CONFIG=0

Note that /DEPLOY_CONFIG=0 ensures that you are not asked to enter config details (Client ID, Client Secret etc.) again. It is necessary to set this on subsequent primary servers.

It is important that the installation commands are prefixed with start "" /WAIT as this ensures the correct ERRORLEVEL is returned (0 indicating success and non-0 indicating failure).

# Notes on Using Installation Scripts

When using windows batch files, commands block until completion.

However, a key point to note is that, when scripting without windows batch files, the commands won’t block until completion. In order to block it is necessary to prefix the commands with start "" /WAIT. For example:

start "" /WAIT Miracl.Mfa.Adfs.Installer.exe /S

Using start "" /WAIT in these scenarios ensures that the correct ERRORLEVEL is returned. Without this there are misleading error messages - it only indicates that commands are running without giving a 0 or non-0 on completion. echo %ERRORLEVEL% can also be used to check whether installation completed correctly, with 0 indicating success and non-0 indicating failure.

# Parameter Reference

The following is a full list of the available parameters for terminal installation:

Parameter Default value Notes
/CLIENT_ID=
/CLIENT_SECRET=
/SESSION_SECRET=
/SERVER_BASE_ADDRESS= https://api/mpin.io Combines with the Discovery Path to give the url (https://api.mpin.io/.well-known/openid-configuration) which returns the OIDC parameters which are used by the service. This should be left as is and changed by Advanced users only.
/NETWORK_TIMEOUT= 10
/IS_DEBUG= 0 Set as 1 or 0 - Debugging mode should only be enabled for test purposes and should never be enabled in production. For debugging in production, the Windows server event log gives stack trace and other information.
/IS_UNKNOWN_STATE_ALLOWED= 0 Set as 1 or 0 - Unknown state should be allowed when custom user verification is used. We suggest to disable it otherwise.
/DEPLOY_CONFIG= 1 on a primary server or 0 on a secondary Set as 1 or 0 (Please see above notes on the plugin installer for details on how to use this parameter).
/THEME_NAME= Set the ADFS web theme name for the newly-configured MIRACL ADFS plugin (see notes above).
/S Run installer silently.
/D Sets the default installation directory ($INSTDIR), overriding InstallDir and InstallDirRegKey. It must be the last parameter used in the command line and must not contain any quotes, even if the path contains spaces. Only absolute paths are supported. For example: /D=C:\Program Files\MIRACLADFS.
/NCRC Disables the CRC check (an error-checking mechanism, similar to a checksum, that enables an application to determine whether the information in a file has been modified).