Step-by-step guide
...
(* In this example, localhost is the original address that was used during the initial installation. It could be different in your environment.)
- Open the server.xml file in the …\ubilogin-sso\ubilogin\custom\tomcat folder on Windows or the /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat directory on Linux.
Change the old address and port in server.xml.
server.xml
```xml
<Server port="-1">
  <Service name="SSO">
    <Connector port="9443" scheme="https" secure="true"
      proxyName="new_address.com" proxyPort="9443"
      maxThreads="150" protocol="HTTP/1.1"
      useBodyEncodingForURI="true"
      maxHttpHeaderSize="65536"
      SSLEnabled="true" sslProtocol="TLS" clientAuth="false"
      keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/keystore.pfx"
      keystorePass="changeit" keystoreType="PKCS12" />
    <Engine name="SSO" defaultHost="new_address.com">
      <Host name="new_address.com" appBase="404" unpackWARs="false" autoDeploy="false">
```
- Save the files, open the command prompt as Administrator, and run setup.cmd in that same directory (…\ubilogin-sso\ubilogin).
Import new Ubisecure SSO application secrets to LDAP
Import SSO application secrets on Windows
```
cd /d "C:\ubisecure\ubilogin-sso\ubilogin"
ldap\adam\import.cmd ldap\secrets.ldif
```
Import SSO application secrets on Linux
```
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./ldap/openldap/import.sh ldap/secrets.ldif
```
Deploy Ubisecure SSO applications to Tomcat
Deploy SSO applications to Tomcat on Windows
```
..\ubilogin-sso\ubilogin\config\tomcat\update.cmd
```
Deploy SSO applications to Tomcat on Linux
```
./../ubilogin-sso/ubilogin/config/tomcat/update.sh
```
- Ubisecure SSO is now working with the new address/port. The Ubisecure SSO metadata has changed. Make sure the new metadata is updated in all integrated applications.
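A consistency check for the server.xml edit described above, as an added example that is not Ubisecure's own tooling: it reports any of the places where the address appears (proxyName, proxyPort, defaultHost, Host name) that still hold an old value, and flags a keystore password left at the Java default. The function name, the sample file contents and the host `sso.example.com` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: proxyName was updated, but Engine/Host still carry the
# original "localhost" address from the initial installation.
SAMPLE_SERVER_XML = """
<Server port="-1">
  <Service name="SSO">
    <Connector port="9443" scheme="https" secure="true"
               proxyName="sso.example.com" proxyPort="9443"
               SSLEnabled="true" keystorePass="changeit" keystoreType="PKCS12" />
    <Engine name="SSO" defaultHost="localhost">
      <Host name="localhost" appBase="404" unpackWARs="false" autoDeploy="false" />
    </Engine>
  </Service>
</Server>
"""


def check_server_xml(xml_text, new_host, new_port):
    """Return findings for places where server.xml disagrees with the new address."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    for service in root.iter("Service"):
        name = service.get("name", "?")
        for conn in service.iter("Connector"):
            if conn.get("proxyName") != new_host:
                findings.append(f"{name}: Connector proxyName is {conn.get('proxyName')!r}")
            if conn.get("proxyPort") != str(new_port):
                findings.append(f"{name}: Connector proxyPort is {conn.get('proxyPort')!r}")
            if conn.get("keystorePass") == "changeit":
                # "changeit" is the well-known Java keystore default password.
                findings.append(f"{name}: keystorePass is the default 'changeit'")
        for engine in service.iter("Engine"):
            if engine.get("defaultHost") != new_host:
                findings.append(f"{name}: Engine defaultHost is {engine.get('defaultHost')!r}")
            host_names = [h.get("name") for h in engine.iter("Host")]
            if new_host not in host_names:
                findings.append(f"{name}: no <Host name={new_host!r}>, found {host_names}")
    return findings


if __name__ == "__main__":
    for finding in check_server_xml(SAMPLE_SERVER_XML, "sso.example.com", 9443):
        print("MISMATCH:", finding)
```

An empty result means every address field agrees with the new host and port; run it against the edited file before running setup.cmd.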
Note: The LDAP suffix can be found in the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\jndi.properties:
```
java.naming.security.principal = cn=Server,ou=System,cn=Ubilogin,dc=login,dc=localhost,dc=com
```
Copy it starting at "cn=Ubilogin" to win32.config:
```
suffix=cn=Ubilogin,dc=login,dc=localhost,dc=com
```
...
- Copy your pfx file to C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat
Edit C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml
```
keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/mycert.pfx"
keystorePass="mypassword" keystoreType="PKCS12"
```
Add certificate to cacerts
- First find out the alias (te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 below)
```
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -list -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -storepass <Enter password>
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8, Sep 2, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA1): EF:CB:21:BB:07:13:A7:BE:C6:0C:24:03:0A:18:C6:60:78:B8:5E:27
```
- Then add to cacerts
```
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -alias te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 -storepass <Enter password> | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
Certificate was added to keystore
```
- Run tomcat update
- Change login page links if any
Note: All OIDC and SAML integrations need new metadata / configuration if the host name was changed.
...