Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

  1. Obtain and Install Oracle Server JRE 1.8.x and Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

  2. Set up a system wide JRE_HOME environment variable

    • In Linux this can be done by modifying the /etc/environment file
    • Set the JRE_HOME environment variable so it refers to the Server JRE's base directory (e.g. JRE_HOME=/usr/local .)

  3. Stop the ubilogin-server and ubilogin-directory daemons:

    /etc/init.d/ubilogin-server stop
/etc/init.d/ubilogin-directory stop
  4. Take a backup from Ubisecure Directory of the old SSO (see Taking a backup from Ubisecure Directory in previous SSO version for details).

  5. Backup the existing Ubisecure SSO installation and OpenLDAP:

    cd /usr/local/ubisecure
mv ubilogin-sso ubilogin-sso-old

  6. Extract the archive ubilogin-sso-x.x.x.xxxxx.tar.gz to directory /usr/local/ubisecure 

    tar xzvf ubilogin-sso-x.x.x.xxxxx.tar.gz

  7. Copy unix.config from older version:

    cp /usr/local/ubisecure/ubilogin-sso-old/ubilogin/unix.config
/usr/local/ubisecure/ubilogin-sso/ubilogin/unix.config

  8. Add the following lines to the file, if doesn’t exist /usr/local/ubisecure/ubilogin-sso/ubilogin/unix.config

    tomcat.instancename = ubilogin-server
openldap.instancename = ubilogin-directory
openldap.root= uid=System,ou=System,@suffix@

  9. Copy the following files and directories from the previous installation to the matching ubilogin-sso directory. Note that both Tomcat and Ubisecure SSO logs are retained.

    /usr/local/ubisecure/ubilogin-sso-old/ubilogin/custom/*
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/config.index
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/methods/*
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/logs/*
/usr/local/ubisecure/ubilogin-sso-old/tomcat/logs/*
/usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/uas.properties
/usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/cdc/WEB-INF/config.properties

  10. If robots.txt has been changed, copy the following file from the previous installation to the matching ubilogin-sso directory:


    /usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/ROOT/robots.txt

  11. If the Password reset and password change application is used, copy the following files and directories from the previous installation to the matching ubilogin-sso directory:

    /usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/password/WEB-INF/password.properties
/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/password/WEB-INF/saml2


    Edit /usr/local/ubisecure/ubilogin-sso/Ubilogin/config/tomcat/conf/server.xml

    and uncomment:
    <Context path="/password" docBase="${catalina.base}/webapps/password"/>
    Also check /usr/local/ubisecure/ubilogin-sso-old/Ubilogin/webapps/password/WEB-INF/web.xml for mail.smtp.host and .from configuration and copy those to new web.xml (/usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/password/WEB-INF/web.xml)

    NOTE:

    Common Domain Cookie Discovery

    Check from the current   installation if Common Domain Cookie Discovery is installed or SAML   Compatibility Flags have been used. To check, examine the file

    /usr/local/Ubisecure/ubilogin-sso-old/tomcat/conf/server.xml

    If the path /cdc is not   commented out, Common Domain Cookie Discovery has been enabled in the previous   installation.

    If Common Domain Cookie   Discovery has been installed prior to the upgrade, re-enable the settings   after upgrade according to the Common   Domain Cookie Discovery Installation document.

    SAML Compatibility Flags

    Older versions of SSO stored   server-level SAML Compatibility Flags in the application configuration files.   These flags are now stored in LDAP and managed through the user interfaces.

    If SAML Compatibility Flags have been activated prior to   the upgrade remember to set those again manually. To check, examine

    /usr/local/Ubisecure/ubilogin-sso-old/ubilogin/webapps/WEB-INF/uas.properties

    If the line

    com.ubisecure.ubilogin.uas.saml2.compatibility   =

    exists and is not blank, make a note of all values and   copy them later to the main screen of SSO Management to the field   Compatibility Flags when installation is completed. Multiple values are   separated with a whitespace character. The values are case sensitive. The   values should remain visible on the screen after pressing Update. If the   value disappears, check for typing errors.

    If the environment has an external SQL database, copy the jdbc driver provided by the database vendor from the previous installation to the matching ubilogin-sso/java directory:

cp /usr/local/ubisecure/ubilogin-sso-old/java/windows-x64/jre/lib/ext/{INSERT DRIVER FILENAME} /usr/local/ubisecure/ubilogin-sso/java/windows-x64/jre/lib/ext

  12. Run the setup script:

    cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./setup.sh

  13. Restore the Ubisecure Directory from the backup (see Restoring the backup to Ubisecure Directory in updated SSO version for details).

  14. Start the ubilogin-directory daemon:

    /etc/init.d/ubilogin-directory start

  15. If you are upgrading from Ubisecure SSO 6.0.0 or 6.0.1 to 6.x, follow the instructions listed in the document Ubisecure SSO Authentication Migration. With newer versions, you can skip this step.

  16. Import the new LDAP secrets file:

    ./ldap/openldap/import.sh ldap/secrets.ldif

  17. Reinstall Tomcat configuration and restart ubilogin-server:

    cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./config/tomcat/remove.sh
./config/tomcat/install.sh
/etc/init.d/ubilogin-server start

  18. The system upgrade is complete.

    NOTE:  If you have Ubisecure CustomerID installed, you need to copy the Authorizer files at this point. For   instructions, please see document Ubisecure CustomerID Installation, chapter Ubisecure SSO Upgrade.

  19. Remove the backed up ubilogin-sso-old directory, or rename and retain it as desired.
  20. Clear your web browser’s cache before accessing the user interface.

  21. The user interface has changed in version 7.1 to support responsive design. Existing user interfaces are supported, but must be updated to enable backward compatibility. directory. For each template.properties file in the custom/templates directory, add the following text as the first line of the file

    # enable backward compatibility for SSO 6.x templates
@import = sso6

    If the template contains a CSS reference, add the following line to the top of the referenced CSS file.

    /* enable backward compatibility for SSO 6.x templates */
@import "sso6.css";

    If the CSS file contains references to graphical or other resources hosted by the Ubisecure SSO as a resource, ensure the resource path is a relative path. An example is shown below:

    #intro {
       background-image: url("resource/intro-box-custom-background.png")
}

    Test all custom user interfaces. To implement a responsive design, create a new template, removing the “import” lines and adjust the CSS tags to match new CSS design. The responsive CSS is available after default installation at the address (where UAS_URL is the hostname for the installation):

    https://UAS_URL/uas/template/default/default.css



  • No labels

Ubisecure Privacy Policy & Cookie Statement