Versions Compared

Old Version 9

changes.mady.by.user Elmeri Kokkonen

Saved on

compared with

New Version 10

changes.mady.by.user Nikolai Denissov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Make sure you have Java installed and JAVA_HOME set according to the Installation requirements - SSO.

Unpack the software

Unpack the tar archive to /usr/local/ubisecure.

...

Note
Before saving the changes modify additional Accounting Service related settings.

Example of modified Accounting Service related settings:

...

Note

New LDAP passwords are generated every time the setup command is executed. For this reason, the secrets.ldif file must be imported to the LDAP directory after running the setup script. After this, the Tomcat update script must be run to have the applications use the new passwords. See Applications upgrade - SSO for more details about the update process.

...

Since SSO version 8.4 with Accounting Service feature access to PostgreSQL database is required for the service to run. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for this purpose. The necessary tables are automatically created during the initial startup of the Accounting Service.

See PostgreSQL preparation on Linux for more information and steps to accomplish.

...

Before continuing with the installation which will start the Accounting Service you need to enter and save the secret key contents in the location referred by accounting.secret-key-location in unix.config. See Accounting Service security about the usage of the key for pseudonymisation. The page contains a suggested script to create a secure enough secret in the default location.

You may also customise other Accounting Service configuration settings for your needs, which is recommended. See Accounting Service additional configuration about the properties to set.

...

Since 8.4 installation script creates and configures a site named Accounting under System site with an OAuth 2.0 application named Accounting. This application is needed for the secured endpoints to access Accounting Service data. The application is allowed to a group named Accounting Users. The System Administrator user is by default added to this group but you can configure the users otherwise once Ubisecure SSO is running, see SSO Management UI Groups.

If the OpenLDAP install script prompts for LDAP Password, type secret and press return. 

...

  1. On the first time the necessary database tables are created in your database.
  2. If you are doing the initial Accounting Service installation and the service does not start you may need to change the Accounting Service related settings in the unix.config file before continuing. see Change configuration settings during installation process in Linux. See also Troubleshooting Accounting Service.

Note

Accounting Service should always be running before SSO is started or otherwise SSO log will be filled with errors but still keeps running if there is enough disk space. SSO can recover without a restart from Accounting Service restart if necessary.

...

Code Block
languagebash
systemctl start ubilogin-directory 
systemctl start ubilogin-server

Continue on page Installation finalisation to finalise and verify the installation.