Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 2
Info
Last reviewed: 2020-05-29
Note
IMPORTANT: Sign in using an Administrator account - the same account used during initial product installation.

...

Stop the services that are running, ubisecureaccounting is a new service since 8.4. 

Code Block
languagexml
themeDefault
net stop ubiloginserver
net stop ubilogindirectory
net stop ubisecureaccounting

...

Remove SSO and Accounting Service Windows service configurations

Code Block
languagexml
themeDefault
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\remove.cmd

...

Move the existing installation to ubilogin-sso-old directory.  

Code Block
languagexml
themeDefault
cd /d "C:\Program Files\Ubisecure\"
move ubilogin-sso ubilogin-sso-old

...

Copy win32.config and  config.index file from the older version. Overwrite config.index.

...

Info
Last reviewed: 2020-05-29


Note
IMPORTANT: Sign in using an Administrator account - the same account used during initial product installation.


  1. Make sure you have Java installed, JRE_HOME and JAVA_HOME set according to Installation requirements - SSO.
  2. Stop the services that are running, ubisecureaccounting is a new service since 8.4. 

    Code Block
    languagexml
    themeDefault
    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\win32.config" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config"
    copynet stop ubiloginserver
    net stop ubilogindirectory
    net stop ubisecureaccounting
  3. Backup and restore - Ubisecure Directory
  4. Remove SSO and Accounting Service Windows service configurations

    Code Block
    languagexml
    themeDefault
    cd /d "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\config.index"
    "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config.index"
    If upgrading from version prior to 6.8, add the following lines to the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config, if not there yet. 
    config\tomcat\remove.cmd
    
  5. Move the existing installation to ubilogin-sso-old directory.  

    Code Block
    languagexml
    themeDefault
    tomcat.instancename = UbiloginServer
    tomcat.username = NT AUTHORITY\\LocalService
    adam.username = NT AUTHORITY\\NetworkService
    When upgrading from version 8.3.x or older, add the Accounting Service related settings if they do not exist in the file
    cd /d "C:\Program Files\Ubisecure\"
    move ubilogin-sso ubilogin-sso-old
  6. Extract the archive ubilogin-sso-8.x.x.xxxxx.zip to a temporary location.
  7. Move the complete unzipped ubilogin-sso directory from the distribution package to C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\.
  8. Copy win32.config and  config. Modify the settings according to these guidelines.index file from the older version. Overwrite config.index.

    Code Block
    languagexml
    themeDefault
    # Accounting configuration
    accounting.url = https://localhost:8442
    accounting.proxy.local.url = @accounting.url@
    accounting.instancename = UbisecureAccounting
    accounting.username = @tomcat.username@
    accounting.datasource.url = jdbc:postgresql://localhost:5432/accountingdb
    accounting.datasource.username = 
    accounting.datasource.password = 
    accounting.secret-key-location-uri = file:///${user.dir}/config/accounting-service.secret
    accounting.actuator.username = accounting_admin
    accounting.actuator.password = 
    accounting.jms.broker.port = 36161
    accounting.jms.broker.socket-timeout-ms = 10
  9. When upgrading from version 8.4 or later, copy Accounting Service logs from the old SSO version:

    Code Block
    languagexml
    themeDefault
    mkdir "C:\Program Files\Ubisecure\ubilogin-sso\accounting\logs"
    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\logs" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\logs"
  10. When upgrading from version 8.4 or later, depending of the location of your Accounting Service secret key you may need to copy the file from the older version. NOTE: The secret key must be the same during the entire reporting period which is a month, see Accounting Service security. Example (use the path you have set in the configuration):

    Code Block
    languagexml
    themeDefault
    mkdir copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\win32.config" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config"
    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\config.index" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config.index"
  11. If upgrading from version prior to 6.8, add the following lines to the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config, if not there yet. 

    Code Block
    languagexml
    themeDefault
    tomcat.instancename = UbiloginServer
    tomcat.username = NT AUTHORITY\\LocalService
    adam.username = NT AUTHORITY\\NetworkService
  12. When upgrading to version 8.4 add the Accounting Service related settings if they do not exist in the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config. Modify the settings according to these guidelines.

    Code Block
    languagexml
    themeDefault
    # Accounting configuration
    accounting.url = https://localhost:8442
    accounting.proxy.local.url = @accounting.url@
    accounting.instancename = UbisecureAccounting
    accounting.username = @tomcat.username@
    accounting.datasource.url = jdbc:postgresql://localhost:5432/accountingdb
    accounting.datasource.username = 
    accounting.datasource.password = 
    accounting.secret-key-location-uri = file:///${user.dir}/config/accounting-service.secret
    accounting.actuator.username = accounting_admin
    accounting.actuator.password = 
    accounting.jms.broker.port = 36161
    accounting.jms.broker.socket-timeout-ms = 10
  13. If Accounting Service has already been installed and in use copy Accounting Service logs from the older version:

    Code Block
    languagexml
    themeDefault
    mkdir "C:\Program Files\Ubisecure\ubilogin-sso\accounting\configlogs"
    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\config\accounting-service.secret" "C:\logs" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\configlogs"
  14. Copy the following files and directories (recursively) from the previous installation to the matching ubilogin-sso directory. Note that both Tomcat and Ubisecure SSO logs are retained.If Accounting Service has already been installed and in use depending of the location of your Accounting Service secret key you may need to copy the file from the older version. NOTE: The secret key must be the same during the entire reporting period which is a month, see Accounting Service security. Example (use the path you have set in the configuration):

    Code Block
    languagexml
    themeDefault
    xcopymkdir "C:\Program Files\Ubisecure\ubilogin-sso-old\ubiloginaccounting\customconfig"
    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\custom" /e /y
    xcopy accounting\config\accounting-service.secret" "C:\Program Files\Ubisecure\ubilogin-sso-old\ubiloginaccounting\methods" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\methods" /e /y
    xcopy "config"
  15. Copy the following files and directories (recursively) from the previous installation to the matching ubilogin-sso directory. Note that both Tomcat and Ubisecure SSO logs are retained.

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\custom\logs"*
    "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\logs" /e /y
    xcopy "config.index
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\tomcatmethods\logs"*
    "C:\Program Files\Ubisecure\ubilogin-sso-old\tomcatubilogin\logs" /e /y
    copy "\*
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogintomcat\webapps\uas\WEB-INF\uas.properties" "logs\*
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\uas\WEB-INF\uas.properties"
    copy
    "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\cdc\WEB-INF\config.properties" "C:\Programproperties 
  16. If Updating to a version prior to 8.2, copy the following file from the previous installation to the matching ubilogin-sso directory.

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\cdc\WEB-INF\config.properties" /y
    copy-old\java\windows-x64\jre\lib\security\cacerts
  17. If Updating from a version prior to 8.2 to version 8.2 or later and using an external user directory (other than Ubilogin Directory) or SMTP server, import the AD and/or SMTP server certificates to the Java keystore file. 

    Note
    NOTE: Java has been removed from the SSO installation since version 8.2. SSO uses currently Java in the C:\Program Files\Java\ directory.

    To view all certificates from the old java keystore file, execute the command:

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\java\windows-x64\jre\lib\security>..\..\bin\keytool -list -keystore cacerts

    To export a certificate from the old java keystore file, execute the command:

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\java\windows-x64\jre\lib\security>..\..\bin\keytool -exportcert -keystore cacerts -alias <"user_defined_alias"> -file <path_to_the_certificate_file>

    To import a certificate to the current java keystore, execute the command:

    Code Block
    languagexml
    themeDefault
    C:\Program Files\java\jrex.x.x_xxx\lib\security>..\..\bin\keytool -import -file <path_to_the_certificate_file> -alias <"user_defined_alias"> -keystore cacerts

    To verify that the certificate was succesfully added to the Java keystore, execute the command:

    Code Block
    languagexml
    themeDefault
    C:\Program Files\java\jrex.x.x_xxx\lib\security>..\..\bin\keytool -list -keystore cacerts -alias <"user_defined_alias">
  18. Check the Common Domain Cookie Discovery and SAML Compatibility Flags.

    Note

    NOTE:Common Domain Cookie DiscoveryCheck from the current installation if Common Domain Cookie Discovery is installed or SAML Compatibility Flags have been used. To check, examine the file

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\conf\server.xml

    If the path /cdc is not commented out, Common Domain Cookie Discovery has been enabled in the previous installation.If Common Domain Cookie Discovery has been installed prior to the update, re-enable the settings after update according to the Common Domain Cookie Discovery Installation document.SAML Compatibility Flags. Older versions of SSO stored server-level SAML Compatibility Flags in the application configuration files. These flags are now stored in LDAP and managed through the user interfaces.If SAML Compatibility Flags have been activated prior to the update remember to set those again manually. To check, examine

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\uas\WEB-INF\uas.properties

    If the line

    Code Block
    languagexml
    themeDefault
    com.ubisecure.ubilogin.uas.saml2.compatibility =

    exists and is not blank, make a note of all values and copy them later to the main screen of SSO Management to the field Compatibility Flags when installation is completed. Multiple values are separated with a whitespace character. The values are case sensitive. The values should remain visible on the screen after pressing Update. If the value disappears, check for typing errors.

  19. Run the setup script

    Note
    NOTE: Ubisecure System Administrator password will be reset after upgrading the directory. The password will be set to the default value specified in the configuration file (win32.config or unix.config) with the key system.password.
    You should either
    a) Set the default password in the configuration file to a new stronger password before updating, or
    b) Block external HTTP/S access to the system during the update process. You will be prompted to enter a new system password during the first login attempt. After the password is changed, unblock access to the system.
    Code Block
    languagexml
    themeDefault
    cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
    setup.cmd
  20. When upgrading to version 8.4 install and prepare PostgreSQL. Since SSO version 8.4 with Accounting Service feature access to PostgreSQL database is required for the service to run. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for this purpose. The necessary tables are automatically created during the initial startup of the Accounting Service. See PostgreSQL preparation on Windows for more information and steps to accomplish.

  21. Start the UbiloginDirectory service

    Code Block
    languagexml
    themeDefault
    net start ubilogindirectory
  22. Upgrading Ubisecure Directory

    To update your ADAM or AD LDS installation, the schema and directory settings of the instance must be updated. Before starting, make sure that you are logged in with the same user account that was used to install ADAM or AD LDS.

    To update the schema and directory settings, execute the command adaminstall.cmd shown below.This command updates the LDAP schema and does not delete existing user or configuration data. 

    Code Block
    languagexml
    themeDefault
    cd /d "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\ROOT\robots.txt" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\ROOT\robots.txt"
    Check the Common Domain Cookie Discovery.
    ldap"
    adam\adaminstall.cmd
    Note
    NOTE:

    Common Domain Cookie Discovery: Check from the current installation if Common Domain Cookie Discovery is installed . To check, examine the file

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\conf\server.xml

    If the path /cdc is not commented out, Common Domain Cookie Discovery has been enabled in the previous installation.If Common Domain Cookie Discovery has been installed prior to the update, re-enable the settings after update according to the Common Domain Cookie Discovery document.

    Run the setup script

    Note
    NOTE: Ubisecure System Administrator password will be reset after upgrading the directory. The password will be set to the default value specified in the configuration file (win32.config or unix.config) with the key system.password.
    You should either
    a) Set the default password in the configuration file to a new stronger password before updating, or
    b) Block external HTTP/S access to the system during the update process. You will be prompted to enter a new system password during the first login attempt. After the password is changed, unblock access to the system.  Please note that the system password is reset to the value contained in ubilogin\ldap\system-password.ldif

    At minimum you need to add Accounting Service related settings to LDAP use e.g. this command:

    Code Block
    adam\import-changes.cmd
  23. If robots.txt has been changed, copy the following file from the previous installation to the matching ubilogin-sso directory:

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\ROOT\robots.txt
  24. If the Password reset and password change application is used, copy the following files and directories from the previous installation to the matching ubilogin-sso directory. Also, edit the server.xml file and check the web.xml file configuration. Skip this step if the Password reset and password change application is not used.Copy the following files to the matching ubilogin-sso directory:

    Code Block
    languagexml
    themeDefault
    cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
    setup.cmd
    When upgrading from version 8.3.x or older, install and prepare PostgreSQL. Since SSO version 8.4 with Accounting Service feature access to PostgreSQL database is required for the service to run. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for this purpose. The necessary tables are automatically created during the initial startup of the Accounting Service. See PostgreSQL preparation on Windows for more information and steps to accomplish.
    Start the UbiloginDirectory service
    -old\ubilogin\webapps\password\WEB-INF\password.properties
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\saml2

    Edit server.xml file and uncomment:
    <Context path="/password" docBase="${catalina.base}/webapps/password"/>

    Code Block
    languagexml
    themeDefault
    net start ubilogindirectory
    Upgrading Ubisecure Directory
    To update your ADAM or AD LDS installation, the schema and directory settings of the instance must be updated. Before starting, make sure that you are logged in with the same user account that was used to install ADAM or AD LDS.

    To update the schema and directory settings, execute the command adaminstall.cmd shown below.This command updates the LDAP schema and does not delete existing user or configuration data. 

    Code Block
    languagexml
    themeDefault
    cd /d "C:\Program notepad C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml
    

    Also check web.xml for mail.smtp.host and mail.smtp.from configuration and copy those to new web.xml (C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\

    ldap" adam\adaminstall.cmdWHAT IS THE MEANING OF THIS NOTE? Isn't the password restored by following the steps below? Why it's important to note this, what should the installer do based on this information?
    Note
    NOTE:  Please note that the system password is reset to the value contained in ubilogin\ldap\system-password.ldif

    THE FOLLOWING IS VERY UNCLEAR. Should the command be run or not? What else should/could be done ("at minimum")?
    At minimum you need to add Accounting Service related settings to LDAP use e.g. this command:

    Code Block
    adam\import-changes.cmd

    HOW TO CHECK IF THESE APPLICATIONS ARE USED OR NOT?
    If the Password reset and password change application is used, copy the following files and directories webapps\password\WEB-INF\web.xml)

    Code Block
    languagexml
    themeDefault
    notepad C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\web.xml
    
  25. If the environment has an external SQL database, copy the JDBC driver provided by the database vendor from the previous installation to the matching ubilogin-sso directory. Also, edit the server.xml file and check the web.xml file configuration. Skip this step if the Password reset and password change application is not used.
    PASSWORD-RESET MISSING HERE?
    Copy the following files to the matching ubilogin-sso directoryjava directory depending on the old and new SSO versions. Skip the step if the environment does not have an external SQL database or if both old and new SSO versions are 8.2 or later.Old and new SSO versions prior 8.2:

    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\password.properties
    Code Block
    languagexml
    themeDefault
    copy C:\Program Files\Ubisecure\ubilogin-sso-old\java\ubiloginwindows-x64\webappsjre\passwordlib\WEB-INF\saml2

    Edit server.xml file and uncomment:
    <Context path="/password" docBase="${catalina.base}/webapps/password"/>

    Code Block
    languagexml
    themeDefault
    notepadext\{INSERT DRIVER FILENAME} C:\Program Files\Ubisecure\ubilogin-sso\ubiloginjava\configwindows-x64\tomcatjre\conf\server.xml
    
    Also check web.xml for mail.smtp.host and mail.smtp.from configuration and copy those to new web.xml (
    lib\ext

    Old SSO version prior to 8.2 and new SSO version 8.2 or later:

    Code Block
    languagexml
    themeDefault
    copy C:\Program Files\Ubisecure\ubilogin-sso
    \ubilogin\webapps\password\WEB-INF\web.xml)
    Code Block
    languagexml
    themeDefault
    notepad-old\java\windows-x64\jre\lib\ext\{INSERT DRIVER FILENAME} C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\web.xml

    When upgrading from version 8.3.x or older, configure Accounting Service

    IF POSSIBLE, ADD CLEAR INSTRUCTIONS HERE INSTEAD OF THE LINK.
    Java\jrex.x.x_xxx\lib\ext{INSERT DRIVER FILENAME}
  26. When upgrading to version 8.4 configure Accounting Service

    Before continuing with the installation which will start the Accounting Service you need to enter and save the secret key contents in the location referred by accounting.secret-key-location in win32.config. See Accounting Service security about the usage of the key for pseudonymisation.

    You may also customise other Accounting Service configuration settings for your needs, which is recommended. See Accounting Service additional configuration about the properties to set.

    Note
    When customising edit this file which is copied from the installation package by the setup script: C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\accounting\config\application.yaml
  27. Update Tomcat and Accounting Service configuration and restart the services. Since version 8.4 remove should be done before installation directory is replaced. About Accounting Service start see also Windows single node installation.

    Code Block
    languagexml
    themeDefault
    cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
    config\tomcat\install.cmd
  28. The system upgrade is complete. See also Single node installation finalization.

    Note
    NOTE:   If you have Ubisecure CustomerID installed, you need to copy the Authorizer files at this point. For instructions, please see document Ubisecure CustomerID Installation, chapter Customer ID SSO Adapter Installation on Windows.
  29.  Either securely remove the backed up ubilogin-sso-old directory, or rename it and store it in a secure location.  All configuration files in the old installation directory (win32.config and unix.config) should either be removed from the system or otherwise protected from unauthorized users.
  30. Clear your web browser’s cache before accessing the user interface.
  31. The user interface has changed in version 7.1 to support responsive design. Existing user interfaces are supported, but must be updated to enable backward compatibility. directory. For each template.properties file in the custom\templates directory, add the following text as the first line of the file

    Code Block
    languagexml
    themeDefault
    # enable backward compatibility for SSO 6.x templates@import = sso6

    If the template contains a CSS reference, add the following line to the top of the referenced CSS file.

    Code Block
    languagexml
    themeDefault
    /* enable backward compatibility for SSO 6.x templates */@import "sso6.css";

    If the CSS file contains references to graphical or other resources hosted by the Ubisecure SSO as a resource, ensure the resource path is a relative path. An example is shown below:

    Code Block
    languagexml
    themeDefault
    #intro {
           background-image: url("resource/intro-box-custom-background.png")
    }

    Test all custom user interfaces. To implement a responsive design, create a new template, removing the “import” lines and adjust the CSS tags to match new CSS design. The responsive CSS is available after default installation at the address (where UAS_URL is the hostname for the installation): 

    Code Block
    languagexml
    themeDefault
    https://UAS_URL/uas/template/default/default.css

...