Step-by-step guide

Edit the win32.config (Windows) or unix.config (Linux) file in the …\ubilogin-sso\ubilogin directory. The following changes are mandatory. In this example the original address was localhost:8443.

    uas.url=https\://localhost\:8443  change to -> uas.url=https\://new_address.com\:9443
    ubilogin.url=@uas.url@
    logviewer.url=@ubilogin.url@
    search.url=@ubilogin.url@
    password.url=@uas.url@
    ldap.url=ldap\://localhost\:389
    suffix = cn=Ubilogin,@uas.url.host.dn@  change to -> suffix=cn\=Ubilogin,dc\=localhost (*
    password.encoding=

(* In this example, localhost is the original address that was used during the initial installation. This could be different in your environment.

  1. Open the server.xml file in the …\ubilogin-sso\ubilogin\custom\tomcat folder on Windows, or in the /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat directory on Linux.
  2. Change the old address and port in server.xml.

    <Server port="-1">
        <Service name="SSO">
            <Connector
                port="9443"
                scheme="https" secure="true"
                proxyName="new_address.com" proxyPort="9443"
                maxThreads="150" protocol="HTTP/1.1"
                useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
                SSLEnabled="true"
                sslProtocol="TLS" clientAuth="false"
                keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/keystore.pfx"
                keystorePass="changeit" keystoreType="PKCS12"
            />
            <Engine name="SSO" defaultHost="new_address.com">
                <Host name="new_address.com" appBase="404"
                    unpackWARs="false" autoDeploy="false">


  3. Save the files, open the command prompt as Administrator, and run setup.cmd in that same directory (…\ubilogin-sso\ubilogin).
  4. Import the new Ubisecure SSO application secrets to LDAP.

    rem Windows
    cd /d "C:\ubisecure\ubilogin-sso\ubilogin"
    ldap\adam\import.cmd ldap\secrets.ldif


    # Linux
    cd /usr/local/ubisecure/ubilogin-sso/ubilogin
    ./ldap/openldap/import.sh ldap/secrets.ldif



  5. Deploy the Ubisecure SSO applications to Tomcat.

    rem Windows
    ..\ubilogin-sso\ubilogin\config\tomcat\update.cmd


    # Linux
    ./../ubilogin-sso/ubilogin/config/tomcat/update.sh


  6. Ubisecure SSO is now working with the new address/port. The Ubisecure SSO metadata has changed. Make sure the new metadata is updated in all integrated applications.

 

 The LDAP suffix can be found in file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\jndi.properties:

java.naming.security.principal = cn=Server,ou=System,cn=Ubilogin,dc=login,dc=localhost,dc=com

Copy it starting at "cn=Ubilogin" to win32.config:

suffix=cn=Ubilogin,dc=login,dc=localhost,dc=com
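
A pre-flight check for the edits above, to run before setup: it confirms that no URL property still resolves to the old address, that the suffix is pinned rather than derived, and that server.xml agrees with uas.url. This is an added example, not Ubisecure code; `load_config`, `check`, the `@key@` expansion (inferred from the config lines shown on this page) and both sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of the edited win32.config / unix.config (not a real install).
CONFIG = r"""
uas.url=https\://new_address.com\:9443
ubilogin.url=@uas.url@
logviewer.url=@ubilogin.url@
ldap.url=ldap\://localhost\:389
suffix=cn\=Ubilogin,dc\=localhost
"""

# Constructed, well-formed cut-down of custom/tomcat/server.xml.
SERVER_XML = """<Server port="-1"><Service name="SSO">
  <Connector port="9443" proxyName="new_address.com" proxyPort="9443"/>
  <Engine name="SSO" defaultHost="new_address.com">
    <Host name="new_address.com" appBase="404"/>
  </Engine></Service></Server>"""

REF = re.compile(r"@([\w.]+)@")  # assumed reference syntax, as seen in the config

def load_config(text):
    """Parse key=value lines, unescape ':' and '=', expand @key@ references."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = re.sub(r"\\([:=])", r"\1", value.strip())
    for _ in range(len(props)):  # bounded passes resolve chained @key@ references
        props = {k: REF.sub(lambda m: props.get(m.group(1), m.group(0)), v)
                 for k, v in props.items()}
    return props

def check(config_text, server_xml, old_netloc):
    """Return a list of findings; an empty list means the two files agree."""
    props, findings = load_config(config_text), []
    uas = urlsplit(props.get("uas.url", ""))
    for key, value in props.items():
        if key.endswith(".url") and urlsplit(value).netloc == old_netloc:
            findings.append(f"{key} still points at {old_netloc}")
    if "@" in props.get("suffix", "@"):
        findings.append("suffix is missing or still derived from the host name")
    service = ET.fromstring(server_xml).find("Service")
    conn, engine = service.find("Connector"), service.find("Engine")
    if (conn.get("proxyName"), conn.get("proxyPort")) != (uas.hostname, str(uas.port)):
        findings.append("Connector proxyName/proxyPort do not match uas.url")
    if {engine.get("defaultHost"), engine.find("Host").get("name")} != {uas.hostname}:
        findings.append("Engine defaultHost / Host name do not match uas.url")
    return findings
```

Call `check()` with the real file contents and the old `host:port`; any returned finding names the line to fix before running setup.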


Update accounting.url

For additional information, see the configuration instructions:
https://ubisecuredev.atlassian.net/wiki/display/IDS20181/Configuration+and+setup+application+to+create+configurations+-+SSO


If you are using a self-signed TLS certificate, generate a new self-signed certificate for the new host name as follows.

  1. Delete old keystore

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat"
    ren keystore.pfx keystore-old.pfx


  2. Create new keystore

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
    config\tomcat\cert.cmd
    Creating login.newplan.com keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx


  3. Update Tomcat

    config\tomcat\update.cmd
    The UbiloginServer service is stopping.
    The UbiloginServer service was stopped successfully.
    1 File(s) copied
    1 file(s) copied.
    840 File(s) copied
    The UbiloginServer service is starting.
    The UbiloginServer service was started successfully.
    Ubilogin Server updated at https://login.newplan.com:8445/ubilogin/


  4. Delete old certificate from Java cacerts

    "%JRE_HOME%\bin\keytool" -delete -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert


  5. Add new certificate to Java cacerts

    "%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx" -alias tomcat -storepass changeit | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
    Certificate was added to keystore


If you have a CA-signed certificate, do the following after running setup; otherwise server.xml will be overwritten:

  1. Copy your pfx file to C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat
  2. Edit C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml

    keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/mycert.pfx"
    keystorePass="mypassword" keystoreType="PKCS12"


  3. Add certificate to cacerts

    - First find out the alias (te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 below)

    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -list -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -storepass <Enter password>

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8, Sep 2, 2021, PrivateKeyEntry,
    Certificate fingerprint (SHA1): EF:CB:21:BB:07:13:A7:BE:C6:0C:24:03:0A:18:C6:60:78:B8:5E:27

    - Then add to cacerts

    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -alias te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 -storepass <Enter password> | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
    Certificate was added to keystore


  4. Run tomcat update
  5. Change login page links if any

All OIDC and SAML integrations need new metadata / configuration if the host name was changed.
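
To find integrations that still hold the old metadata (the requirement stated here and in step 6 of the first procedure), the following added example scans a stored SAML metadata file or OIDC discovery document for URLs that are not on the new host and port. It is not Ubisecure code; the function names and both sample documents, including their URL paths, are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed copies of IdP metadata as integrated applications might still hold
# them; the URL paths are illustrative and not taken from a real deployment.
SAML_COPY = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost:8443/uas">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:8443/uas/example/sso"/>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://new_address.com:9443/uas/example/slo"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

OIDC_COPY = json.dumps({
    "issuer": "https://new_address.com:9443/uas",
    "authorization_endpoint": "https://new_address.com:9443/uas/example/authorize",
    "jwks_uri": "https://localhost:8443/uas/example/jwks",
})

def urls_in(document):
    """Yield (where, url) for URL-valued fields in SAML XML or OIDC JSON metadata."""
    if document.lstrip().startswith("<"):
        for elem in ET.fromstring(document).iter():
            tag = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace
            for attr in ("entityID", "Location", "ResponseLocation"):
                if elem.get(attr):
                    yield f"{tag}@{attr}", elem.get(attr)
    else:
        for key, value in json.loads(document).items():
            if isinstance(value, str):
                yield key, value

def stale_endpoints(document, new_netloc):
    """Return every http(s) URL in the metadata that is not on new_netloc."""
    return [(where, url) for where, url in urls_in(document)
            if urlsplit(url).scheme in ("http", "https")
            and urlsplit(url).netloc.lower() != new_netloc.lower()]
```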
