Comment: Published by Scroll Versions from space IDS and version 8.2

This chapter gives further guidance on how to configure Active Directory integration with Ubisecure CustomerID.

Preliminary Tasks

Ubilogin Organization

You should first create a root organization in AD for Ubisecure CustomerID data. Traditionally the root organization has been called Ubilogin.

SSL Certificate

SSL is required for the LDAP connection from Ubisecure SSO to Active Directory. First, create the SSL certificate, for example by using the Microsoft Certificate Authority. Then add it to the trusted certificates of the Java Runtime Environments on both the Ubisecure SSO and Ubisecure CustomerID servers.
On Windows, the Java certificate store is by default in the following file:

...

Listing 2. Linux
cd $JRE_HOME/lib/security
keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit
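
As an added example (not part of the Ubisecure documentation), the import from Listing 2 can be wrapped so that the CA certificate is trusted only if its SHA-256 fingerprint matches a value obtained out-of-band, and the stored entry is read back afterwards. The function names and the out-of-band fingerprint are assumptions; the alias, store password and keystore path are the ones from the listing.

```shell
#!/bin/sh
# Added example (not Ubisecure's code). Assumption: the expected SHA-256
# fingerprint was obtained out-of-band from the CA administrator.
# Function names are illustrative. Bodies in ( ) keep variables local.

# Normalise a fingerprint: drop colons and whitespace, upper-case hex digits.
fp_normalize() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if $1 is a well-formed SHA-256 fingerprint and equals $2.
fp_match() (
  a=$(fp_normalize "$1"); b=$(fp_normalize "$2")
  case $a in *[!0-9A-F]*) exit 1 ;; esac
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
)

# Pull the SHA-256 fingerprint out of keytool output read on stdin.
fp_from_keytool() {
  awk '/SHA-?256:/ { print $NF; exit }'
}

# import_pinned_ca <cert file> <expected fingerprint> [alias] [storepass]
import_pinned_ca() (
  cert=$1; expected=$2; name=${3:-mytrustedca}; pass=${4:-changeit}
  store="${JRE_HOME:?JRE_HOME is not set}/lib/security/cacerts"
  actual=$(keytool -printcert -file "$cert" | fp_from_keytool)
  if ! fp_match "$actual" "$expected"; then
    echo "fingerprint mismatch for $cert, not importing" >&2
    exit 1
  fi
  keytool -importcert -noprompt -keystore "$store" -trustcacerts \
    -alias "$name" -file "$cert" -storepass "$pass" || exit 1
  # Read the entry back and confirm the stored certificate is the pinned one.
  stored=$(keytool -list -v -keystore "$store" -alias "$name" \
    -storepass "$pass" | fp_from_keytool)
  fp_match "$stored" "$expected"
)

# Usage: sh import_ca.sh <cert file> <expected fingerprint> [alias] [storepass]
if [ "$#" -ge 2 ]; then
  import_pinned_ca "$@"
fi
```

Run it once on each server whose Java Runtime Environment needs the certificate; a non-zero exit status means the certificate was not imported or the stored entry does not match the pinned fingerprint.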

AD Integration User

A dedicated user should be created in Active Directory that can administer everything under the created Ubilogin organization.

CustomerID Directory

The directory service named CustomerID Directory defines the configuration used when establishing connections to Active Directory. Prior to Ubisecure CustomerID version 3.7.0, a separate file named ad_jndi.properties in the custom directory served the same purpose, but that file is no longer read and should be removed. The directory service is still configured in much the same way as a JNDI properties file is written.

...

Ubisecure also supports other options related to LDAP client-side failover with replicated directories. Please refer to the pages Installation - SSO Installation and Upgrade - SSO Upgrade for further instructions on enabling client-side failover.

eidm2.properties

There are some properties in the eidm2.properties file that are either crucial or extremely relevant for Active Directory integration. They are: 

...