Accounting Service data and endpoints are secured:
...
The key location is defined during installation with the property accounting.secret-key-location in win32.config/unix.config. The size and entropy of the key in the file affect the cryptographic strength of the pseudonym computed from an actual username: the stronger the pseudonym, the more difficult it is to compute the username from it. Ubisecure recommends using a string of 64 random alphanumeric characters as the key. You can create key contents of the recommended entropy with the scripts below. Alternatively, you can use a password generation utility.
Linux / Bash:
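```bash
# Create the config directory, then derive the key from random alphanumeric input.
# sha256sum prints the digest as 64 hexadecimal characters; awk keeps only the digest.
mkdir -p /usr/local/ubisecure/ubilogin-sso/accounting/config \
  && cat /dev/urandom \
  | tr -dc 'a-zA-Z0-9' \
  | fold -w 3264 \
  | head -n 1 \
  | sha256sum \
  | awk '{ print $1 }' \
  > /usr/local/ubisecure/ubilogin-sso/accounting/config/accounting-service.secret
```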
In Windows you can do the same with PowerShell.

Windows / PowerShell (Run as Administrator):

```powershell
$path = "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config"
$file = $path + "\accounting-service.secret"
$chars = [char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Remove any existing key file so the new key is not appended to the old one
if (Test-Path $file) {
    Remove-Item -Path $file
}

# Create the config directory if it does not exist yet
if (!(Test-Path $path)) {
    New-Item -path $path -type directory
}

# Append 64 randomly chosen alphanumeric characters, without a trailing newline
foreach ($i in 1..64) {
    Get-Random -Count 1 -InputObject $chars | Out-File -Append -Encoding ASCII -NoNewLine -FilePath $file
}
```
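As an added example (not Ubisecure's own script), the following generates a key that matches the 64-random-alphanumeric-character recommendation directly and checks an existing key file against it. The function names, the owner-only file mode and the tolerance for trailing newlines are assumptions of this example; pass the path configured in accounting.secret-key-location.

```bash
#!/usr/bin/env bash
# Added example: create and audit an accounting secret key file.
KEY_LEN=64   # key length recommended on this page

# Print KEY_LEN alphanumeric characters drawn from /dev/urandom.
# tr -dc discards every other byte, so each of the 62 symbols is equally likely.
gen_key() {
    local key=""
    while [ "${#key}" -lt "$KEY_LEN" ]; do
        key="$key$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')"
    done
    printf "%.${KEY_LEN}s" "$key"
}

# Write a new key to $1 with owner-only permissions; never overwrite a key.
write_key_file() {
    local file="$1"
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 1
    fi
    mkdir -p "$(dirname "$file")" || return 1
    ( umask 077 && gen_key > "$file" )
}

# Return 0 only if $1 holds exactly KEY_LEN alphanumeric characters and
# grants nothing to group or others. Trailing newlines are ignored (assumption).
check_key_file() {
    local file="$1" key stray mode
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    key=$(cat "$file")
    # Count bytes outside the allowed alphabet, embedded newlines included.
    stray=$(printf '%s' "$key" | LC_ALL=C tr -d 'A-Za-z0-9' | wc -c)
    if [ "${#key}" -ne "$KEY_LEN" ] || [ "$stray" -ne 0 ]; then
        echo "weak or malformed key in $file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) return 0 ;;
        *) echo "$file is accessible to group/others (mode $mode)" >&2; return 1 ;;
    esac
}
```

A key written by the Linux script above also passes the content check, because a SHA-256 hex digest is 64 characters from the same alphabet.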
OAuth2 authentication
During the SSO installation process, an OAuth 2.0 application named Accounting is created in SSO. The installation process creates a random client ID and secret, which it uploads as metadata into the SSO application and stores in the Accounting Service properties file.
...