Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.4

Ubisecure CustomerID needs an access to the main user LDAP directory and a directory service is needed to establish this connection. To create the service open Ubisecure SSO Management.

  1. Access the URL UAS_URL/ubilogin in a browser
  2. Create a new Service in Services tab (Select HomeServicesNew Service...)
    • Title: 
      CustomerID Directory
    • Directory type: 
      Ubilogin Directory
       or  Active Directory
      Select  Active Directory   only when external AD is used for CustomerID user storage. Typically Ubilogin Directory is used.

  3. Click OK
  4. Append one of the following two configurations to the existing text in the "Configuration String" field, depending if UbiloginDirectory or Active Directory is used for CustomerID user data storage: Typically Ubilogin Directory is used.
    Ubilogin Directory: 

    Code Block
    languagetext
    policy.password.encoding={SSHA}
    directory=ldap:///{LDAP root}
    policy.password.protocol=UbiloginDirectory
    password-name=password.2

    Active Directory: 

    Code Block
    languagetext
    java.naming.ldap.attributes.binary=objectGUID
    policy.password.protocol=ActiveDirectoryDs
    password-name=password.2

    You can check the value of {LDAP root} for example from the jndi.properties file situated in the /usr/local/ubisecure/customerid/application/custom folder. The value is the LDAP root part of the java.naming.provider.url property. Example: 

    Code Block
    languagetext
    java.naming.provider.url = ldap://localhost:389/cn=Ubilogin,dc=test

  5. For clustered Ubisecure SSO you will need to specify the following following settings in the CustomerID jndi.properties file situated in the /usr/local/ubisecure/customerid/application/custom folder. This needs to be done for all of the CustomerID nodes.

    Code Block
    languagetext
    com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
    com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
    com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
    com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
    com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
    com.ubisecure.util.ldap.auth.pool.max=8
  6. For clustered Ubisecure SSO you will need the following following settings in the CustomerID Directory settings in the Ubisecure SSO HomeServices tab → CustomerID DirectoryConfiguration String

    Code Block
    languagetext
    com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
    com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
    com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
    com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
    com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
    com.ubisecure.util.ldap.auth.pool.max=8
  7. Click Update
  8. Restart Ubisecure SSO from command line

    Code Block
    languagetext
    /etc/init.d/ubilogin-server stop
    /etc/init.d/ubilogin-server start