Versions Compared

Version Old Version 1 New Version 2
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

First install the UAS SAML metadata by selecting the [SAML 2.0] link on the Ubisecure Server Management front page. Save the metadata file in the directory
ubilogin-sso/ubilogin/webapps/password/WEB-INF/saml2/sp/metadata.

Image RemovedImage Added

Figure 2. Select SAML 2.0 to save IDP metadata file.

...

In Ubisecure Server Management, select System PasswordAgents Applications Password Activate. Then upload the generated ubilogin-sso/password.xml file.

Image RemovedImage Added

Figure 3. Select Activate to upload SAML Metadata of the Password application

Configure Mail Settings

...

Ubisecure Password uses email when performing the password reset functionality. Mail settings need to be configured to the ubilogin-sso/ubilogin/webapps/password/WEB-INF/web.xml file. Uncomment the context-param elements that contain mail.smtp.host and mail.smtp.from param-names. Edit the param-values according to your environment.

...

  • In Ubisecure Server Management, navigate to the Password site: select System → Password
  • Add the password.ad.1 authentication method to the site: select Site Methods → Add… → password.ad.1 → OK
  • Add AD users to the Password Users group by using the dynamic members functionality. (The following configuration is just an example. You will probably have a more detailed definition for the included users.)

...

    • Server: ldaps://ad.example.com/
    • Distinguished Name: dc=ad,dc=example,dc=com
    • Attributes: <empty>
    • Scope: sub
    • Filter: (objectClass=person)
    • Extensions: <empty>


See Figure 20 4 and Figure 21 5 below for examples.

Image RemovedImage Added

Figure 4. The group Password Users defines which users can change their password


Image RemovedImage Added

Figure 5. Add AD Users to the Password Users group using Group Dynamic Members

  • Enable password.ad.1 authentication method for the Password web agent:select the site Password → Agents → Password → Applications → Password → Allowed Methods → password.ad.1 → Update

...

Remove the file ubilogin-sso/tomcat/conf/Ubilogin/idp.example.com/password.xml. Then run update the update:

...

Links can be added to the Ubisecure SSO user interface using the *LINKS settings described in the SSO UI Customization documentation.

...