...
master.secret
| Code Block |
|---|
|
master.secret = |
The encryption keys for confidential values stored in the Ubisecure Directory are derived from the master.secret value. If you are upgrading (see SSO Upgrade) or reinstalling then you must use the existing master.secret value for your directory.
...
suffix.pfx
This field is a placeholder for the key pair required in SAML signing operations. A base64 encoded PKCS#12 file will be generated to this field by the setup script in Configuration and setup application to create configurations. The file is protected by the master.secret. Leave this field empty during initial installation.
uas.url
| Code Block |
|---|
|
uas.url = https://localhost:8443 |
...
ubilogin.url
| Code Block |
|---|
|
ubilogin.url = @uas.url@ |
This is the publicly visible URL address of the Ubisecure SSO Management. The value must not include a path component and must not end with a ‘/’ character.
password.url
| Code Block |
|---|
|
password.url = @uas.url@ |
This is the publicly visible URL address of the Ubisecure Password management application. The value must not include a path component and must not end with a ‘/’ character.
logviewer.url
| Code Block |
|---|
|
logviewer.url = @uas.url@ |
...
search.url
| Code Block |
|---|
|
search.url = @uas.url@ |
This is the publicly visible URL address of the Ubisecure Search application. The value must not include a path component and must not end with a ‘/’ character.
password.url
| Code Block |
|---|
|
password.url = @uas.url@ |
This is the publicly visible URL address of the Ubisecure Password application. The value must not include a path component and must not end with a ‘/’ character.
logs.dir
| Code Block |
|---|
|
logs.dir = @compile.dir@/logs |
...
netmask
| Code Block |
|---|
|
netmask = disabled |
The network address of the browser clients is used to keep track of user sessions. The netmask is used determine if the client’s network address is allowed to change. The default value disabled allows the client’s network address to change during a session, whereas the value 255.255.255.255 would not allow the address to change during a session.
system.password
| Code Block |
|---|
|
system.password = admin |
This is the initial password for the System Administrator account.
...
ldap.url
| Code Block |
|---|
|
ldap.url = ldap://localhost:389 |
This value specifies the network address of the Ubisecure Directory server. Consider using SSL encryption if the Ubisecure Directory is installed on a different host from the Ubisecure web applications. Example of the value when using SSL encryption:
| Code Block |
|---|
|
ldap.url = ldaps://directory-server:636 |
...
suffix
| Code Block |
|---|
|
suffix = cn=Ubilogin,@uas.url.host.dn@ |
...
password.encoding
| Code Block |
|---|
|
password.encoding = |
or
| Code Block |
|---|
|
password.encoding = {SSHA} |
...
Reverse Proxy Configuration
| Code Block |
|---|
|
proxy.remote-addr-name =
proxy.local.url = @uas.url@ |
...
The value “X-Forwarded-For” is commonly used by proxy servers to pass the address of the requesting client:
| Code Block |
|---|
|
proxy.remote-addr-name = X-Forwarded-For |
...
In case there is a reverse proxy server acting in front of the Ubisecure SSO, proxy.local.url specifies the URL that will be used by the reverse proxy when accessing the Ubisecure SSO. In this case the reverse proxy server could have the publicly visible URL address while the URL specified here need only be locally accessible
| Code Block |
|---|
|
proxy.local.url = http://ubilogin.local |
Linux and OpenLDAP Settings
| Code Block |
|---|
|
ubilogin.run = /var/run/ubilogin
openldap.root.password = secret
ubilogin.unix.username = ubilogin
ubilogin.unix.groupname = @ubilogin.unix.username@ |
...
Microsoft ADAM and Microsoft AD LDS Settings
| Code Block |
|---|
|
adam.instance = UbiloginDirectory
adam.ldap.port = 389
adam.ldaps.port = 636 |
...