Comment: Published by Scroll Versions from space IDS and version 8.2

...

Figure 1. Password Reset Application

Password Properties

The Ubisecure Password web application has some properties that must be defined in the ubilogin-sso/ubilogin/webapps/password/WEB-INF/password.properties file.

Listing 1. Password Properties
# authentication method name
com.ubisecure.ubilogin.password.method = password.external.1
 
# for ldap directory method specifies path to ldap connection properties
directory.jndi.properties = C:/Program Files/Ubisecure/ubilogin-sso/ubilogin/custom/jndi1.properties

Ubisecure Password SP Activation

First install the UAS SAML metadata by selecting the [SAML 2.0] link on the Ubisecure Server Management front page. Save the metadata file in the directory ubilogin-sso/ubilogin/webapps/password/WEB-INF/saml2/sp/metadata.

...

Figure 3. Select Activate to upload SAML Metadata of the Password application

Configure Mail Settings

Ubisecure Password sends email as part of the password reset functionality. Configure the mail settings in the ubilogin-sso/ubilogin/webapps/password/WEB-INF/web.xml file: uncomment the context-param elements whose param-name is mail.smtp.host or mail.smtp.from, then edit the param-values to match your environment.

Listing 3. Excerpt from ubilogin-sso/ubilogin/webapps/password/WEB-INF/web.xml
    <context-param>
        <param-name>mail.smtp.host</param-name>
        <param-value>smtp-gw.example.com</param-value>
    </context-param>
    <context-param>
        <param-name>mail.smtp.from</param-name>
        <param-value>password@example.com</param-value>
    </context-param>
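
A check for the mail settings step above, added here as an example and not part of the Ubisecure documentation: it reports whether mail.smtp.host and mail.smtp.from are active in web.xml or still commented out, and whether they still hold the values printed in Listing 3. The function names and the sample web.xml fragment are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = ("mail.smtp.host", "mail.smtp.from")
PLACEHOLDERS = {"smtp-gw.example.com", "password@example.com"}  # values from Listing 3

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace, if web.xml declares one

def active_params(xml_text):
    """context-param name -> value, as the servlet container sees them (comments ignored)."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "context-param":
            kids = {local(c.tag): (c.text or "").strip() for c in el}
            if "param-name" in kids:
                found[kids["param-name"]] = kids.get("param-value", "")
    return found

def commented_params(xml_text):
    """param-names that occur inside <!-- ... --> blocks."""
    names = set()
    for body in re.findall(r"<!--(.*?)-->", xml_text, flags=re.S):
        names.update(re.findall(r"<param-name>\s*([^<\s]+)\s*</param-name>", body))
    return names

def check_mail_settings(xml_text):
    """Status per required parameter: ok, placeholder, empty, commented or missing."""
    active, commented = active_params(xml_text), commented_params(xml_text)
    status = {}
    for name in REQUIRED:
        if name not in active:
            status[name] = "commented" if name in commented else "missing"
        elif not active[name]:
            status[name] = "empty"
        else:
            status[name] = "placeholder" if active[name] in PLACEHOLDERS else "ok"
    return status

# Constructed sample: host edited for the site, from-address left commented out.
SAMPLE = """<web-app>
  <context-param><param-name>mail.smtp.host</param-name>
    <param-value>mail.corp.test</param-value></context-param>
  <!-- <context-param><param-name>mail.smtp.from</param-name>
    <param-value>password@example.com</param-value></context-param> -->
</web-app>"""

if __name__ == "__main__":
    print(check_mail_settings(SAMPLE))
```

To check a real deployment, pass the contents of the web.xml file named above to check_mail_settings.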

Enable Access to Ubisecure Password

  • In Ubisecure Server Management, navigate to the Password site: select System → Password
  • Add the password.external.1 authentication method to the site: select Site Methods → Add… → password.external.1 → OK
  • Add external directory users to the Password Users group by using the dynamic members functionality (The following configuration is just an example. You will probably have a more detailed definition for the included users):

...

    • Server:  ldaps://pdc.example.com/
    • Distinguished Name: dc=example,dc=com
    • Attributes: <empty>
    • Scope: sub
    • Filter: (objectClass=person)
    • Extensions: <empty>
  • Enable the password.external.1 authentication method for the Password web application: select the site Password → Applications → Password → Allowed Methods → password.external.1 → Update

Enable Password Web Application

Remove the file ubilogin-sso/tomcat/conf/Ubilogin/idp.example.com/password.xml. Then run the update:

...