Steps
Note |
---|
When following the instructions given in this manual, it is advisable to type the commands manually instead of copy/pasting them. This is because sometimes characters may be lost or modified in the copying process. |
Check Java
Make sure you have Java installed according to Installation requirements - SSO.
Set up a system-wide JRE_HOME environment variable
- In Linux the method and best practice may vary based on your distribution, but one of the following approaches should work:
  - define JRE_HOME in the /etc/environment file
  - create a new file called e.g. /etc/profile.d/identity.server.sh and define JRE_HOME in it.
- Set the JRE_HOME environment variable so it refers to the Server JRE's jre directory (e.g. JRE_HOME=/usr/local/java/jdk1.8.0_181/jre).
- Note that /etc/sudoers may enforce a secure environment. Make sure that the configuration exports JRE_HOME and JAVA_HOME in /etc/sudoers.
Unpack the Software
Unpack the tar archive to /usr/local/ubisecure.
Code Block |
---|
|
mkdir -p /usr/local/ubisecure
tar -xzvf sso-x.x.x-unix.tar.gz -C /usr/local/ubisecure
|
Install dependencies
For 64-bit Red Hat Linux, the glibc and libgcc packages for i686 must be installed, and an update must be run for the 64-bit version of libgcc to prevent a version mismatch problem. The Linux Standard Base package is also needed.
Code Block |
---|
|
yum install glibc.i686
yum update libgcc
yum install libgcc.i686
yum install lsb |
Modify the Configuration Template
Copy the configuration template to /usr/local/ubisecure/ubilogin-sso/ubilogin:
Code Block |
---|
|
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
cp config/unix.config . |
Open the unix.config file in a text editor. Modify the publicly visible URL address of the Ubisecure deployment, which is set with the key uas.url. The installation is only accessible from the local machine if the value is set as localhost. The resulting line for uas.url might look like the following:
Code Block |
---|
|
uas.url = https://sso.example.com:8443 |
Finally, create the configuration files with the setup.sh script.
Note |
---|
New LDAP passwords are generated every time the setup command is executed. For this reason, the secrets.ldif file must be imported to the LDAP directory after running the setup script. After this, the Tomcat update script must be run to have the applications use the new passwords. See Applications upgrade - SSO for more details about the update process. |
Set Up the System User
Run the following command to set up the system user ubilogin. The newly-created user will be used for running the Ubisecure SSO and Ubisecure Directory.
Code Block |
---|
|
./config/unix/setupuser.sh |
Install Ubisecure Directory
Install OpenLDAP using the following command:
Code Block |
---|
|
./ldap/openldap/install.sh |
When the OpenLDAP install script prompts for LDAP Password, type secret and press return.
Note |
---|
In Red Hat 7, the install.sh script fails. As a workaround, start OpenLDAP from shell by executing:
After OpenLDAP has started, open a new shell and execute the following commands:
Code Block |
---|
|
./import.sh ../cnroot.ldif
./import.sh ../uas.ldif
./import.sh ../secrets.ldif
./import.sh ../system-password.ldif
./import.sh groups.ldif |
After finishing the execution, kill the OpenLDAP instance from the other window. |
Note |
---|
When using LDAPS, cacert.pem, the server certificate and the server certificate key need to be located at /usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/ and TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile need to be uncommented in slapd.conf. |
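As an added example (not part of the Ubisecure documentation or scripts), the following shell function checks the LDAPS prerequisites from the note above: that the three TLS directives are uncommented in slapd.conf and point to existing files. The function names, the sample file names and passing the slapd.conf path as an argument are assumptions made here, and the world-readable key check is an extra check beyond what the page requires.

```shell
#!/bin/sh
# Added example: pre-flight check for the LDAPS settings in slapd.conf.

# check_ldaps_conf CONF -> 0 if all three TLS directives are active and usable,
# 1 if any is missing, commented out or broken, 2 if CONF cannot be read.
check_ldaps_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for directive in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        # Take the first active occurrence; on a commented line the first
        # field starts with '#', so it never equals the directive name.
        path=$(awk -v d="$directive" \
            'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$directive: not set (still commented out?)" >&2; rc=1
        elif [ ! -f "$path" ]; then
            echo "$directive: $path does not exist" >&2; rc=1
        elif [ "$directive" = TLSCertificateKeyFile ] &&
             [ -n "$(find "$path" -perm -004)" ]; then
            # Extra check, not from the page: the private key is world-readable.
            echo "$directive: $path is world-readable" >&2; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a slapd.conf where the key directive is still commented out.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/cacert.pem" "$tmp/server.crt" "$tmp/server.key"
    chmod 600 "$tmp/server.key"
    cat > "$tmp/slapd.conf" <<EOF
TLSCACertificateFile $tmp/cacert.pem
TLSCertificateFile $tmp/server.crt
#TLSCertificateKeyFile $tmp/server.key
EOF
    check_ldaps_conf "$tmp/slapd.conf"; st=$?
    rm -rf "$tmp"
    return "$st"
}

# With an argument, check that file; without one, run the constructed demo.
if [ $# -gt 0 ]; then check_ldaps_conf "$1"; else demo || echo "demo: check failed as expected"; fi
```

Run it with the path of the deployment's slapd.conf as the only argument before starting the directory with LDAPS enabled.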
Install Ubisecure SSO Tomcat
Run the Tomcat install script to install and configure Tomcat to start automatically when Linux is started:
Code Block |
---|
|
./config/tomcat/install.sh
|
The install script does the following:
- Creates a self-signed SSL certificate for test purposes.
- Installs the applications in ubilogin/webapps for Tomcat.
- Creates the init scripts used to start and stop the Tomcat process.
Start Ubisecure SSO
Start the Ubisecure SSO process using the following commands.
Code Block |
---|
|
/etc/init.d/ubilogin-directory start
/etc/init.d/ubilogin-server start
|
Continue on page Single node installation finalization - SSO to verify that the installation was successful.