Info |
---|
Last reviewed: 2018-01-31 |
Obtain and Install Oracle Server JRE 1.8.x and Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
- The download site is at: http://www.oracle.com/technetwork/java/javase/downloads/index.html
- Refer to Oracle online documentation for installing the Server JRE: https://docs.oracle.com/javase/8/docs/technotes/guides/install/linux_server_jre.html
- Instructions to install JCE Policy Files are included in the download package
Set up a system wide JRE_HOME environment variable
- In Linux this can be done by modifying the /etc/environment file
- Set the JRE_HOME environment variable so it refers to the Server JRE's jre directory (e.g. JRE_HOME=/usr/local/jdk1.8.0_144/jre)
You may have to modify the /etc/sudoers file so that the environment variables are properly exported for the root user. Use the visudo command for this. Note that you will need to restart root's shell for the settings to take effect.
Edit /etc/sudoers and add the JRE_HOME and JAVA_HOME environment variables to env_keep:
```
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "SSH_AUTH_SOCK"
# Add line below to keep the JRE_HOME and JAVA_HOME environment variables when logging in as root
Defaults env_keep += "JRE_HOME JAVA_HOME"
```
Stop the ubilogin-server and ubilogin-directory daemons:
```
/etc/init.d/ubilogin-server stop
/etc/init.d/ubilogin-directory stop
```
Take a backup from Ubisecure Directory of the old SSO
```
/usr/local/ubisecure/ubilogin-sso/openldap/libexec/slapd -T cat -f "/usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/slapd.conf" -l /home/ubilogin/database.ldif
```
Backup the existing Ubisecure SSO installation and OpenLDAP:
```
cd /usr/local/ubisecure
mv ubilogin-sso ubilogin-sso-old
```
Extract the archive ubilogin-sso-x.x.x.xxxxx.tar.gz to directory /usr/local/ubisecure
```
tar xzvf ubilogin-sso-x.x.x.xxxxx.tar.gz
```
Copy unix.config from older version:
```
cp /usr/local/ubisecure/ubilogin-sso-old/ubilogin/unix.config /usr/local/ubisecure/ubilogin-sso/ubilogin/unix.config
```
Add the following lines to the file /usr/local/ubisecure/ubilogin-sso/ubilogin/unix.config, if they do not already exist:
```
tomcat.instancename = ubilogin-server
openldap.instancename = ubilogin-directory
openldap.root= uid=System,ou=System,@suffix@
```
Copy the following files and directories from the previous installation to the matching ubilogin-sso directory. Note that both Tomcat and Ubisecure SSO logs are retained.
```
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/custom/*
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/config.index
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/methods/*
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/logs/*
/usr/local/ubisecure/ubilogin-sso-old/tomcat/logs/*
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/uas/WEB-INF/uas.properties
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/cdc/WEB-INF/config.properties
```
If robots.txt has been changed, copy the following file from the previous installation to the matching ubilogin-sso directory:
```
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/ROOT/robots.txt
```
If the Password reset and password change application is used, copy the following files and directories from the previous installation to the matching ubilogin-sso directory:
```
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/password/WEB-INF/password.properties
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/password/WEB-INF/saml2
```
Edit /usr/local/ubisecure/ubilogin-sso/Ubilogin/config/tomcat/conf/server.xml and uncomment the following line:
```
<Context path="/password" docBase="${catalina.base}/webapps/password"/>
```
Also check /usr/local/ubisecure/ubilogin-sso-old/Ubilogin/webapps/password/WEB-INF/web.xml for the mail.smtp.host and mail.smtp.from configuration and copy those to the new web.xml (/usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/password/WEB-INF/web.xml).
NOTE:
Common Domain Cookie Discovery
Check from the current installation if Common Domain Cookie Discovery is installed or SAML Compatibility Flags have been used. To check, examine the file
```
/usr/local/Ubisecure/ubilogin-sso-old/tomcat/conf/server.xml
```
If the path /cdc is not commented out, Common Domain Cookie Discovery has been enabled in the previous installation.
If Common Domain Cookie Discovery has been installed prior to the upgrade, re-enable the settings after upgrade according to the Common Domain Cookie Discovery Installation document.
SAML Compatibility Flags
Older versions of SSO stored server-level SAML Compatibility Flags in the application configuration files. These flags are now stored in LDAP and managed through the user interfaces.
If SAML Compatibility Flags have been activated prior to the upgrade, remember to set them again manually. To check, examine
```
/usr/local/Ubisecure/ubilogin-sso-old/ubilogin/webapps/WEB-INF/uas.properties
```
If the line
```
com.ubisecure.ubilogin.uas.saml2.compatibility =
```
exists and is not blank, make a note of all values and copy them later to the main screen of SSO Management to the field Compatibility Flags when installation is completed. Multiple values are separated with a whitespace character. The values are case sensitive. The values should remain visible on the screen after pressing Update. If the value disappears, check for typing errors.
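The two pre-upgrade checks described above (whether a /cdc Context is live in the old server.xml, and which SAML Compatibility Flags are set in the old uas.properties) can be scripted. The following is an added example, not part of Ubisecure's documentation or tooling; the function names, the sample files and the flag names in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upgrade checks against the OLD installation's config files.

# Print each SAML Compatibility Flag from a uas.properties file, one per line.
# Prints nothing when the key is absent or blank. '#' and '!' comment lines
# never match because the key must be the first token on the line.
saml_compat_flags() {
    sed -n 's/^[[:space:]]*com\.ubisecure\.ubilogin\.uas\.saml2\.compatibility[[:space:]]*[=:][[:space:]]*//p' "$1" |
        tail -n 1 | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Succeed (exit 0) if server.xml has a /cdc Context outside XML comments.
# The file is flattened to one line, then every <!-- ... --> comment is put
# on a line of its own and dropped before searching.
cdc_enabled() {
    tr '\n' ' ' < "$1" |
        sed 's/<!--/\
<!--/g; s/-->/-->\
/g' |
        grep -v '^<!--' | grep -q '<Context[^>]*path="/cdc"'
}

# Constructed sample input (flag names are placeholders, not real SSO flags).
demo_dir=$(mktemp -d)
cat > "$demo_dir/uas.properties" <<'EOF'
# com.ubisecure.ubilogin.uas.saml2.compatibility = CommentedOutFlag
com.ubisecure.ubilogin.uas.saml2.compatibility = ExampleFlagA  ExampleFlagB
EOF
cat > "$demo_dir/server.xml" <<'EOF'
<Host name="localhost">
  <!--
  <Context path="/cdc" docBase="${catalina.base}/webapps/cdc"/>
  -->
  <Context path="/password" docBase="${catalina.base}/webapps/password"/>
</Host>
EOF

echo "Compatibility flags to re-enter in SSO Management:"
saml_compat_flags "$demo_dir/uas.properties"
if cdc_enabled "$demo_dir/server.xml"; then
    echo "CDC was enabled: re-enable it after the upgrade"
else
    echo "CDC was not enabled"
fi
rm -rf "$demo_dir"
```

Run both functions against the files under ubilogin-sso-old before removing that directory, and record the output with the upgrade notes.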
If the environment has an external SQL database, copy the JDBC driver provided by the database vendor from the previous installation to the matching ubilogin-sso/java directory:
```
cp /usr/local/ubisecure/ubilogin-sso-old/java/windows-x64/jre/lib/ext/{INSERT DRIVER FILENAME} /usr/local/ubisecure/ubilogin-sso/java/windows-x64/jre/lib/ext
```
Run the setup script:
```
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./setup.sh
```
Remove the old OpenLDAP installation and restore the Ubisecure Directory from the backup
```
./ldap/openldap/remove.sh
./ldap/openldap/install.sh --no-initdata
su ubilogin -c "/usr/local/ubisecure/ubilogin-sso/openldap/libexec/slapd -T add -f "/usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/slapd.conf" -l /home/ubilogin/database.ldif"
```
Start the ubilogin-directory daemon:
```
/etc/init.d/ubilogin-directory start
```
If you are upgrading from Ubisecure SSO 6.0.0 or 6.0.1 to 6.x, follow the instructions listed in the document Ubisecure SSO Authentication Migration. With newer versions, you can skip this step.
Import the new LDAP secrets file:
```
./ldap/openldap/import.sh ldap/secrets.ldif
```
Reinstall Tomcat configuration and restart ubilogin-server:
```
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./config/tomcat/remove.sh
./config/tomcat/install.sh
/etc/init.d/ubilogin-server start
```
The system upgrade is complete.
NOTE: If you have Ubisecure CustomerID installed, you need to copy the Authorizer files at this point. For instructions, please see Related tasks when upgrading SSO in Linux - CustomerID.
- Remove the backed up ubilogin-sso-old directory, or rename and retain it as desired.
- Clear your web browser’s cache before accessing the user interface.
The user interface has changed in version 7.1 to support responsive design. Existing user interfaces are supported, but must be updated to enable backward compatibility. For each template.properties file in the custom/templates directory, add the following text as the first line of the file:
```
# enable backward compatibility for SSO 6.x templates
@import = sso6
```
If the template contains a CSS reference, add the following line to the top of the referenced CSS file.
```
/* enable backward compatibility for SSO 6.x templates */
@import "sso6.css";
```
If the CSS file contains references to graphical or other resources hosted by the Ubisecure SSO as a resource, ensure the resource path is a relative path. An example is shown below:
```
#intro {
    background-image: url("resource/intro-box-custom-background.png")
}
```
Test all custom user interfaces. To implement a responsive design, create a new template, remove the “import” lines and adjust the CSS tags to match the new CSS design. The responsive CSS is available after default installation at the address (where UAS_URL is the hostname for the installation):
```
https://UAS_URL/uas/template/default/default.css
```