Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Long certificates require manual installation in Linux version

When a long certificate is set in suffix.pfx, whose base64 encoded string 
is longer than about 4000 characters, it causes the installation procedure
to fail. This is due to an issue with OpenLDAP ldapmodify tool, which is
unable to read lines longer than 4096 characters long and sso installation
script writes the base64 encoded certificate in one line in secrets.ldif.
To address this issue, a tool ldiffold.sh is included with sso 7.1.0 linux
version, which folds given ldif file so that it no longer contains extra
long line. It can be run as follows:

cd /usr/local/ubisecure/ubilogin-sso/ubilogin/ldap
../../tools/linux-x64/ldiffold.sh < secrets.ldif > secrets.ldif.tmp
mv -f secrets.ldif.tmp secrets.ldif


Ubilogin ticket protocol attribute size limits

The Ubilogin Ticket Protocol uses the HTTP GET method to send
authentication and authorization information from UAS to Web Agents.
The HTTP GET method has a size limit. The size limit affects the
amount of information it is possible to successfully send from UAS
to Web Agents. The SAML 2.0 protocol resolves this size limit by using 
the HTTP POST method to send information from UAS to Web Agents.
Ubilogin SAML Service Providers use SAML 2.0 protocol.

Ubisecure SSO, SAML 2.0 and High Availability

When installing Ubisecure SSO in High Availability mode, there are
some restrictions due to some protocol requirements when using SAML 2.0.
Please refer to the Ubisecure Clustering document for more information.

Ubisecure SSO Management Filters

- Filter does not show correct results when filter expression is short
and scandinavian characters are included
- Filter does not accept incorrect filter expressions

Tomcat log unnecessary sever warning

The following error may appear in the tomcat application server log
SEVERE: Servlet.service() for servlet[com.ubisecure.ubilogin.sso.ui.
servlet.ReturnServlet] in context with path [/uas] threw exception 
com.ubisecure.ubilogin.sso.ui.conversation.ConversationLostException

This error is not severe and may simply indicate a user has twice
selected the same action (by double clicking or back button use).
The log message will be corrected in a future release.

SAML entity ID length

Exceptionally long SAML Entity IDs (greater than 64 chars) are not 
supported when using Metadata Updater.

Custom CSS with relative paths

The url path of ubilogin.css stylesheet file has changed in SSO 7.0.0 to
/template/<template_name>/style.css. In case a custom css file with 
relative paths to images etc has been used, it's required to check that 
the relative paths work after upgrading.

  • No labels

Ubisecure Privacy Policy & Cookie Statement