...
The key location is defined during installation with property accounting.secret-key-location in win32.config/unix.config. The size and quality of the key in the file affects to the cryptographic strength of the result. HOW DOES IT AFFECT IT IN PRACTICE, WHAT IS UBISECURE'S RECOMMENDATION? You can create a random seed based key contents e.g. with the following kind of script or with some password generation utility.COMMENT: Can't we add a script for this and run it within setup, or add instructions to installation/update guide to run it? If password generation utility is used, are there recommendations, like minimum size etc?
Linux:
| Code Block | ||
|---|---|---|
| ||
cat /dev/urandom \
| tr -dc 'a-zA-Z0-9' \
| fold -w 32 \
| head -n 1 \
| sha256sum \
| awk '{ print $1 }' \
> /usr/local/ubisecure/ubilogin-sso/accounting/config/accounting-service.secret |
In Windows you can do the similar with Powershell. THIS IS NOT ENOUGH IN INSTALLATION/UPGRADE GUIDE, A SPECIFIC SCRIPT IS NEEDED.
OAuth2 authentication
During the SSO installation process an OAuth 2.0 application named Accounting is created in SSO. The installation process creates a random client ID and secret which it uploads as metadata into the SSO application and stores into Accounting Service properties file.
...