Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Info

These are the upgrade instructions to the latest release: SSO 9.1. If you are upgrading from a SSO 8.x.x version, ensure the upgrade steps to SSO 9.0 (Java11) have been considered.

Note: we have removed all upgrade steps for SSO 8.x.x to SSO 9.0.0 - please ensure you follow the required upgrade instructions to move from SSO 8.x.x to SSO 9.0.0 then follow these upgrade steps to SSO 9.1.0

...

  1. Stop the services that are running, ubisecureaccounting is a new service since 8.4. 

    Code Block
    languagexml
    themeDefault
    net stop ubiloginserver
net stop ubilogindirectory
net stop ubisecureaccounting


  2. Backup and restore - Ubisecure Directory

  3. Remove SSO and Accounting Service Windows service configurations

    Code Block
    languagexml
    themeDefault
    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\remove.cmd


  4. Move the existing installation to ubilogin-sso-old directory.  

    Code Block
    languagexml
    themeDefault
    cd "C:\Program Files\Ubisecure\"
move ubilogin-sso ubilogin-sso-old


  5. Extract the archive ubilogin-sso-8.x.x.xxxxx.zip to a temporary location.
  6. Move the complete unzipped ubilogin-sso directory from the distribution package to C:\Program Files\Ubisecure.

  7. Copy win32.config and  config.index file from the older version. Overwrite config.index.

    Code Block
    languagexml
    themeDefault
    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\win32.config" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\config.index" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config.index"


  8. Verify the following Accounting Service related settings in C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config are according to your requirements, check these guidelines.

    Code Block
    languagexml
    themeDefault
    # Accounting configuration
accounting.url = https://localhost:8442
accounting.proxy.local.url = @accounting.url@
accounting.instancename = UbisecureAccounting
accounting.username = @tomcat.username@
accounting.datasource.url = jdbc:postgresql://localhost:5432/accountingdb
accounting.datasource.username = 
accounting.datasource.password = 
accounting.secret-key-location-uri = file:///${user.dir}/config/accounting-service.secret
accounting.actuator.username = accounting_admin
accounting.actuator.password = 
accounting.jms.broker.port = 36161
accounting.jms.broker.socket-timeout-ms = 10


  9. Depending of the location of your Accounting Service secret key you may need to copy the file from the older version. NOTE: The secret key must be the same during the entire reporting period which is a month, see Accounting Service security. Example (use the path you have set in the configuration):

    Code Block
    languagexml
    themeDefault
    mkdir "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\config\accounting-service.secret" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config"


  10. Copy the following files and directories (recursively) from the previous installation to the matching ubilogin-sso directory. Note that Tomcat, Ubisecure SSO, and Accounting Service logs are retained.

    Note

    Verify that the Accounting Service custom configuration file:

    Code Block
    languagetext
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\custom\accounting\config\application.yaml

    is compatible with the version in the installation package located at

    Code Block
    languagetext
    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\accounting\config\application.yaml


    See also Accounting Service additional configuration.


    Code Block
    languagexml
    themeDefault
    xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\custom" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\methods" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\methods" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\logs" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\logs" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\logs" "C:\Program Files\Ubisecure\ubilogin-sso\tomcat\logs" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\logs" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\logs" /e /y
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\cdc\WEB-INF\config.properties" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\cdc\WEB-INF\config.properties"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\ROOT\robots.txt" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\ROOT\robots.txt"


  11. Check the Common Domain Cookie Discovery.

    Note

    NOTE:

    Common Domain Cookie Discovery: Check from the current installation if Common Domain Cookie Discovery is installed . To check, examine the file

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\conf\server.xml

    If the path /cdc is not commented out, Common Domain Cookie Discovery has been enabled in the previous installation.If Common Domain Cookie Discovery has been installed prior to the update, re-enable the settings after update according to the Common Domain Cookie Discovery document.


  12. Run the setup script

    Info
    titleTip

    Before running the setup script check if you want to preserve some of the settings that may otherwise be regenerated, see: Preserve essential configuration settings in upgrade.


    Note
    NOTE: Ubisecure System Administrator password will be reset after upgrading the directory. The password will be set to the default value specified in the configuration file (win32.config or unix.config) with the key system.password.
    You should either
    a) Set the default password in the configuration file to a new stronger password before updating, or
    b) Block external HTTP/S access to the system during the update process. You will be prompted to enter a new system password during the first login attempt. After the password is changed, unblock access to the system.


    Code Block
    languagexml
    themeDefault
    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
setup.cmd


  13. After the setup script, you may still need to check some files from the backup folder if you have customized them. Compare the files under C:\Program Files\Ubisecure\ubilogin-sso-old with the ones under C:\Program Files\Ubisecure\ubilogin-sso and copy the necessary changes from:

    Code Block
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\uas\WEB-INF\uas.properties
C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\totp\WEB-INF\application.yaml


  14. Ensure that a supported version of PostgreSQL is installed and running - for supported versions, see System Recommendations), additional links in our documentation: PostgreSQL preparation on Windows,Upgrade and migrate to new version of PostgreSQL

  15. Start the UbiloginDirectory service

    Code Block
    languagexml
    themeDefault
    net start ubilogindirectory


  16. Upgrading Ubisecure Directory

    To update your ADAM or AD LDS installation, the schema and directory settings of the instance must be updated. Before starting, make sure that you are logged in with the same user account that was used to install ADAM or AD LDS.

    To update the schema and directory settings, execute the command adaminstall.cmd shown below.This command updates the LDAP schema and does not delete existing user or configuration data. 

    Code Block
    languagexml
    themeDefault
    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap"
adam\adaminstall.cmd

    Add new entries and update LDAP secrets:

    Code Block
    adam\import-changes.cmd


  17. Check Password application.

    Note

    NOTE:

    Password: Check from the current installation if Password application is enabled. To check, examine the file

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\conf\server.xml

    If the path /password is not commented out, Password application has been enabled in the previous installation.

    Skip this step if the Password application is not enabled.

    Copy the following files to the matching ubilogin-sso directory:

    Code Block
    languagexml
    themeDefault
    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\password.properties
C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\saml2

    Edit server.xml file and uncomment:
    <Context path="/password" docBase="${catalina.base}/webapps/password"/>

    Code Block
    languagexml
    themeDefault
    notepad C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml

    Also check web.xml for mail.smtp.host and mail.smtp.from configuration and copy those to new web.xml (C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\password\WEB-INF\web.xml)

    Code Block
    languagexml
    themeDefault
    notepad C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\web.xml


  18. Verify your Accounting Service customisation in C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\accounting\config\application.yaml appears as you require, check Accounting Service additional configuration about the properties to set. Remember secret key in the location referred by accounting.secret-key-location in win32.config must exist. See Accounting Service security about the usage of the key for pseudonymisation.

  19. Update Tomcat and Accounting Service configuration and restart the services. Since version 8.4 remove should be done before installation directory is replaced. About Accounting Service start see also Windows single node installation.

    Code Block
    languagexml
    themeDefault
    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\install.cmd


  20. Ensure that you have imported initial signing and decryption key via initial-key.ldif. This should have been completed during earlier upgrades.

    Note

    Import key operation needs to be done only once when upgrading from version 8.8.x or older to version 8.9.x or newer, and should not be done for any follow-up updates from 8.9.x or newer to newer versions.


  21. The system upgrade is complete, see also Single node installation finalization

    Note
    NOTE:   If you have Ubisecure CustomerID installed, you need to copy the Authorizer files at this point. For instructions, please see document Ubisecure CustomerID Installation, chapter Related tasks when upgrading SSO in Windows - CustomerID.


  22. Either securely remove the backed up ubilogin-sso-old directory, or rename it and store it in a secure location.  All configuration files in the old installation directory (win32.config and unix.config) should either be removed from the system or otherwise protected from unauthorized users.
  23. Clear your web browser’s cache before accessing the user interface.