Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2

Ubisecure CustomerID needs an access to the main user LDAP directory and a directory service is needed to establish this connection. To create the service open Ubisecure SSO Management.

  1. Access the URL UAS_URL/ubilogin in a browser
  2. Create a new Service in Services tab (Select Home Services New Service...)
    • Title: 
      CustomerID Directory
    • Directory type: 
      Ubilogin Directory
       or  Active Directory
      Select  Active Directory  only when external AD is used for CustomerID user storage. Typically Ubilogin Directory is used.

      Image Removed

      Image Added


  3. Click OK
  4. Append one of the following two configurations to the existing text in the "Configuration String" field, depending if UbiloginDirectory or Active Directory is used for CustomerID user data storage: Typically Ubilogin Directory is used.
    Ubilogin Directory: 

    Code Block
    languagetext
    themeRDark
    policy.password.encoding={SSHA}
    directory=ldap:///{LDAP root}
    policy.password.protocol=UbiloginDirectory
    password-name=password.2

    Active Directory: 

    Code Block
    languagetext
    themeRDark
    java.naming.ldap.attributes.binary=objectGUID
    policy.password.protocol=ActiveDirectoryDs
    password-name=password.2

    You can check the value of {LDAP root} for example from the jndi.properties file situated in the %PROGRAMFILES%\Ubisecure\customerid\application\ /usr/local/ubisecure/customerid/application/custom folder. The value is the LDAP root part of the java.naming.provider.url property. Example: 

    Code Block
    languagetext
    themeRDark
    java.naming.provider.url = ldap://localhost:389/cn=Ubilogin,dc=test
    CustomerID Directory SettingsImage Removed


    Image Added


  5. For clustered Ubisecure SSO you will need the following following settings in the CustomerID Directory settings in the Ubisecure SSO Home Services tab → CustomerID Directory Configuration String

    Code Block
    languagetextthemeRDark
    com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
    com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
    com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
    com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
    com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
    com.ubisecure.util.ldap.auth.pool.max=8


  6. Click Update
  7. Restart Ubisecure SSO from command line

    Code Block
    languagetextthemeRDark
    /etc/init.d/ubilogin-server stop
    /etc/init.d/ubilogin-server start