Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2

Steps

Table of Contents
excludeSteps

Obtain and Install Oracle Server JRE 1.8.x and Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

Set up a system wide JRE_HOME environment variable

  • In Linux the method and best practice may vary based on your distribution, but one of following approaches should work:
    • define JRE_HOME in the /etc/environment file
    • create a new file called e.g. /etc/profile.d/identity.server.sh and define JRE_HOME in it.
  • Set the JRE_HOME environment variable so it refers to the Server JRE's jre directory (e.g. JRE_HOME=/usr/local/java/jdk1.8.0_144/jre .)
  • Note, that /etc/sudoers may enforce a secure environment. Make sure that the configuration exports JRE_HOME and JAVA_HOME in /etc/sudoers.

Unpack the Software

Unpack the tar archive to /usr/local/ubisecure. Assuming the archive is in the current directory, we could do the following:

Code Block
languagebash
mkdir -p /usr/local/ubisecure
tar -xzvf ubilogin-sso-6.x.x.xxxxx.tar.gz -C /usr/local/Ubisecure

Install dependencies

For 64 bit Redhat linux, the glibc and libgcc packages for i686 must be installed, update needs to be run for 64bit version of libgcc to prevent version mismatch problem:

Code Block
languagebash
yum install glibc.i686
yum update libgcc
yum install libgcc.i686

Modify the Configuration Template

Copy the configuration template to /usr/local/ubisecure/ubilogin-sso/ubilogin:

...

Note

New LDAP passwords are generated every time the setup command is executed. For this reason, the secrets.ldif file must be imported to the LDAP directory after running the setup script. After this, the Tomcat update script must be run to have the applications use the new passwords. See Applications upgrade - SSO Applications Upgrade for more details about the update process.

Note

bad ELF interpreter” error indicates that glibc package for i686 has not been installed. Execute:

Code Block
languagebash
yum install glibc.i686

if the error is shown when using Redhat.

Set Up the System User

Run the following command to set up the system user ubilogin. The newly-created user will be used for running the Ubisecure SSO and Ubisecure Directory.

Code Block
languagebash
./config/unix/setupuser.sh

Install Ubisecure Directory

Install OpenLDAP using following command:

...

Note

When using LDAPS, cacert.pem, server certificate and server certificate key needs to be located at /usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/ and TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile needs to be uncommented from slapd.conf.

Install Ubisecure SSO Tomcat

Run the Tomcat install script to install and configure Tomcat to start automatically when Linux is started:

...

  1. Creates a self-signed SSL certificate for test purposes.
  2. Installs the applications in ubilogin/webapps for Tomcat.
  3. Creates the init scripts used to start and stop the Tomcat process.

Start Ubisecure SSO

Start the Ubisecure SSO process using the following commands.

...