Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Add SSO Server Certificate to Java Trust Store

The SSO Management API, Password Reset application, and Accounting Service reporting endpoints connect to the TLS secured SSO endpoints, so the SSO server certificate need to added to the trust store of the Java Runtime Environment. SSO and Accounting Service restart is required.

How to add the SSO server certificate to the JRE trust store

Finalize and verify Accounting Service installation

  1. Verify that Ubisecure SSO starts without errors. If you see the following kind of entry in the ubilogin/logs/uas3_diag.YYYY-MM-DD.log  file you have not updated LDAP with the new accounting.ldif added to the SSO 8.4. version and you need to return to this step in the installation / upgrade process and execute at least the import-changes script.

    YYYY-MM-DD hh:mm:ss,SSS init Server startup
control.ServiceUnavailableException: UAS
...
Caused by: login.InitException: Invalid SSO Accounting Service installation.
    at ubilogin.UAS.<init>(UAS.java:182)
    at servlet.Server.init(Server.java:348)
    ... 19 more
Caused by: com.ubisecure.ubilogin.service.spi.ServiceFactoryException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object] [Root exception is LDAPException: No Such Object (32) No Such Object
LDAPException: Server Message: 0000208D: NameErr: DSID-03100288, problem 2001 (NO_OBJECT), data 0, best match of:
    'CN=Services,OU=System,<LDAP-suffix>'
 
LDAPException: Matched DN: CN=Services,OU=System,<LDAP-suffix>]; remaining name 'cn=Ubisecure Accounting,cn=Services,ou=System,<LDAP-suffix>'
    at com.ubisecure.ubilogin.service.spi.UbiloginServices.getEnvironment(UbiloginServices.java:123)
...

  2. See Accounting Service finalization for the additional steps to accomplish.

Verify that Ubisecure SSO is installed or upgraded successfully:

  1. Review the ubilogin/logs/uas3_diag.YYYY-MM-DD.log  file.
    1. Confirm that no unexpected errors have occurred since the previous restart.

    2. Confirm that the following entry exists:

      YYYY-MM-DD hh:mm:ss,SSS init Ubilogin Authentication Server X.X.X_XXXXX started YYYY-MM-DD hh:mm:ss,SSS tech ping: the system is alive

  2. Access the Ubisecure Management application using the base url defined in uas.url in win32.config or unix.config file.

    https://sso.example.com:8443/ubilogin/

    You will be prompted to log in.
    The default administrator username is system and the password is admin.

    If system.password in file win32.config/unix.config has no value, a random password is generated and written to win32.config/unix.config.

    If system.password in file win32.config/unix.config has a non-default value, this password is used after upgrade.

    Figure 1. Login process

  3. The next step is to change the password. This will be prompted automatically.

    Figure 2. Password change process


  4. A successful new installation will look like this after log-in:

    Figure 3. Ubisecure Management after log-in

    The version number printed at the bottom of the Ubisecure Management console application is for the Ubisecure Management application only. The first two numbers here (e.g., 8.2) should match the installed version.

Continue installation by creating configurations as in Configuration and setup application to create configurations - SSO


  • No labels

Ubisecure Privacy Policy & Cookie Statement