Introduction
The Ubisecure SSO configuration files use a macro language that can, for our purposes, be described in the following way:
...
- The variable compile.dir is the base directory of the Ubisecure SSO installation, e.g., C:\Program Files\Ubisecure\ubilogin-sso\ubilogin.
Processing suffixes
Variable suffixes in the macro language may or may not contain special processing rules. If a variable ends with a special processing suffix, the preceding string is evaluated recursively and then the final processing suffix is applied to the current value. Processing suffixes are, as follows:
...
NOTE: The individual Ubisecure applications below use the default @uas.url@ parameter. This means that all of the required applications are installed at the same address; each application has its own name appended to that URL. In demonstration and development environments, no changes are typically required. If you wish to install components at different addresses, you must change the value to match the desired destination. For example, the applications:
are typically public applications available to all end users. The applications
however are for system administrators. To publish the system administrator tools at a different address (e.g., an intranet domain), adjust the application URLs accordingly, e.g.:
See below for the settings uas.url, password.url, ubilogin.url, logviewer.url and search.url.
Parameters
master.secret
master.secret =
The encryption keys for confidential values stored in the Ubisecure Directory are derived from the master.secret value. If you are upgrading (see Upgrade - SSO Upgrade) or reinstalling, you must use the existing master.secret value for your directory.
The default value is empty. The empty value is an indication for the setup script to securely generate a new secret. The new generated secret is then stored in the configuration file.
suffix.pfx
suffix.pfx =
This field is a placeholder for the key pair required in SAML signing operations. A base64 encoded PKCS#12 file is generated into this field by the setup script (see Configuration and setup application to create configurations). The file is protected by the master.secret. Leave this field empty during initial installation.
uas.url
uas.url = https://localhost:8443
...
This address must be accessible for all users of this installation. In an installation with front-end reverse proxy servers this address refers to the first front-end server that is accessible from the public network.
ubilogin.url
ubilogin.url = @uas.url@
This is the publicly visible URL address of the Ubisecure SSO Management. The value must not include a path component and must not end with a ‘/’ character.
password.url
password.url = @uas.url@
This is the publicly visible URL address of the Ubisecure Password management application. The value must not include a path component and must not end with a ‘/’ character.
logviewer.url
logviewer.url = @uas.url@
This is the publicly visible URL address of the Ubisecure Logviewer application. The value must not include a path component and must not end with a ‘/’ character.
search.url
search.url = @uas.url@
This is the publicly visible URL address of the Ubisecure Search application. The value must not include a path component and must not end with a ‘/’ character.
logs.dir
logs.dir = @compile.dir@/logs
The path of the folder for run-time generated log files. The default value is a logs sub-directory of the installation folder. Enter a fully qualified path without a trailing ‘/’ character.
netmask
netmask = disabled
The network address of the browser client is used to keep track of user sessions. The netmask determines whether the client's network address is allowed to change during a session. The default value disabled allows the client's network address to change during a session, whereas the value 255.255.255.255 does not allow the address to change at all.
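As an added illustration (not Ubisecure's code) of how the netmask setting can be interpreted when a request arrives on an existing session: the two documented values are handled as the page states, and for any other mask the comparison rule (mask both addresses, compare the results) is an assumption.

```python
import ipaddress

def address_change_allowed(session_addr: str, current_addr: str, netmask: str) -> bool:
    """Decide whether a request from current_addr may continue a session that
    was established from session_addr, under the given netmask setting.
    (Added example; the masking rule for values other than 'disabled' and
    255.255.255.255 is assumed, not taken from the page.)"""
    if netmask == "disabled":
        return True  # default: the client address may change freely
    mask = int(ipaddress.IPv4Address(netmask))
    old = int(ipaddress.IPv4Address(session_addr))
    new = int(ipaddress.IPv4Address(current_addr))
    # Only the bits covered by the mask must stay the same; with
    # 255.255.255.255 that means the address must match exactly.
    return (old & mask) == (new & mask)
```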
system.password
system.password = admin
...
The default value must be changed immediately after installation. You can also leave this field empty and let the configuration application randomly generate a new password.
ldap.url
ldap.url = ldap://localhost:389
...
If you are running the LDAP directory on the same server as Ubisecure SSO, do not change the localhost address.
suffix
suffix = cn=Ubilogin,@uas.url.host.dn@
...
- The directory name derived from the uas.url value https://localhost:8443 is cn=Ubilogin,dc=localhost
- The directory name derived from the uas.url value https://sso.example.com:8443 is cn=Ubilogin,dc=sso,dc=example,dc=com
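The following is an added example, not Ubisecure's code, covering the macro language described in the introduction and the suffix derivation just shown: it expands @variable@ references recursively, applies the two processing suffixes visible on this page (.host and .dn, whose semantics are assumed from the examples), and checks the stated rules for the *.url parameters and system.password. The configuration is assumed to have already been read into a dict.

```python
import re
from urllib.parse import urlsplit

# Added example, not Ubisecure's code: a minimal expander for the @variable@ macro
# language described on this page, plus checks for the *.url and system.password
# rules it states. Only the suffixes the page shows (.host, .dn) are implemented,
# with semantics assumed from the suffix examples above.
MACRO = re.compile(r"@([A-Za-z0-9_.-]+)@")

def apply_suffix(value, suffix):
    if suffix == "host":                      # URL -> host name (assumed)
        return urlsplit(value).hostname
    if suffix == "dn":                        # a.b.c -> dc=a,dc=b,dc=c (assumed)
        return ",".join("dc=" + label for label in value.split("."))
    raise KeyError("unknown processing suffix: " + suffix)

def resolve(name, config, depth=0):
    """Use the variable if defined; otherwise split off the last '.suffix',
    resolve the remainder recursively and apply the suffix to the result."""
    if depth > 16:
        raise RecursionError("macro reference cycle at " + name)
    if name in config:
        return expand(config[name], config, depth + 1)
    base, dot, suffix = name.rpartition(".")
    if not dot:
        raise KeyError("undefined variable: " + name)
    return apply_suffix(resolve(base, config, depth + 1), suffix)

def expand(text, config, depth=0):
    return MACRO.sub(lambda m: resolve(m.group(1), config, depth), text)

def check(config):
    """Return findings for values that break the rules stated on this page."""
    findings = []
    for key in ("uas.url", "ubilogin.url", "password.url", "logviewer.url", "search.url"):
        url = expand(config.get(key, ""), config)
        if urlsplit(url).path or url.endswith("/"):
            findings.append(key + ": must not include a path or end with '/'")
    if config.get("system.password") == "admin":
        findings.append("system.password: default value still in use")
    return findings
# Constructed sample mirroring the page's examples; password.url deliberately
# carries a path component so that check() has something to flag.
SAMPLE = {
    "uas.url": "https://sso.example.com:8443",
    "ubilogin.url": "@uas.url@",
    "password.url": "@uas.url@/password",
    "suffix": "cn=Ubilogin,@uas.url.host.dn@",
    "system.password": "admin",
}
```

Running `expand(SAMPLE["suffix"], SAMPLE)` yields cn=Ubilogin,dc=sso,dc=example,dc=com, and `check(SAMPLE)` reports the path in password.url and the unchanged default system.password.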
password.encoding
password.encoding =
...
Note that the password encoding of the Ubisecure SSO accounts is managed using the Ubisecure SSO Management application.
Reverse Proxy Configuration
proxy.remote-addr-name =
proxy.local.url = @uas.url@
...
proxy.local.url = http://ubilogin.local
Linux and OpenLDAP Settings
ubilogin.run = /var/run/ubilogin
openldap.root.password = secret
ubilogin.unix.username = ubilogin
ubilogin.unix.groupname = @ubilogin.unix.username@
...
The name of the group of the user account that will run the Ubisecure SSO and Ubisecure Directory processes.
Microsoft ADAM and Microsoft AD LDS Settings
adam.instance = UbiloginDirectory
adam.ldap.port = 389
adam.ldaps.port = 636
...
These settings define the ADAM port numbers for plaintext and SSL-protected communication.
Tomcat Instance Name
tomcat.instancename = UbiloginServer
...