In the win32.config / unix.config file under the …\ubilogin-sso\ubilogin directory, the following changes are mandatory. In the following example the original address was localhost:8443.
uas.url=https\://localhost\:8443
change to -> uas.url=https\://new_address.com\:9443
ubilogin.url=@uas.url@
logviewer.url=@ubilogin.url@
search.url=@ubilogin.url@
password.url=@uas.url@
ldap.url=ldap\://localhost\:389
suffix = cn=Ubilogin,@uas.url.host.dn@
change to -> suffix=cn\=Ubilogin,dc\=localhost (*
password.encoding=
(* In this example, localhost is the original address that was used during the initial installation. This could be different in your environment.
Change the old address and port in server.xml.
<Server port="-1">
  <Service name="SSO">
    <Connector port="9443" scheme="https" secure="true"
               proxyName="new_address.com" proxyPort="9443"
               maxThreads="150" protocol="HTTP/1.1"
               useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
               SSLEnabled="true" sslProtocol="TLS" clientAuth="false"
               keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/keystore.pfx"
               keystorePass="changeit" keystoreType="PKCS12" />
    <Engine name="SSO" defaultHost="new_address.com">
      <Host name="new_address.com" appBase="404" unpackWARs="false" autoDeploy="false">
Import new Ubisecure SSO application secrets to LDAP
cd /d "C:\ubisecure\ubilogin-sso\ubilogin"
ldap\adam\import.cmd ldap\secrets.ldif

cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./ldap/openldap/import.sh ldap/secrets.ldif
Deploy Ubisecure SSO applications to Tomcat on Windows
..\ubilogin-sso\ubilogin\config\tomcat\update.cmd

./../ubilogin-sso/ubilogin/config/tomcat/update.sh
The LDAP suffix can be found in the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\jndi.properties:
java.naming.security.principal = cn=Server,ou=System,cn=Ubilogin,dc=login,dc=localhost,dc=com
Copy it starting at "cn=Ubilogin" to win32.config:
suffix=cn=Ubilogin,dc=login,dc=localhost,dc=com
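The uas.url change and the suffix copy described above, for the Unix install, as an added example that is not part of the original page or of Ubisecure's tooling. The helper names ldap_suffix and rewrite_config and the sample file contents are assumptions; the suffix is written unescaped, in the form shown just above, so it keeps the value already used by the directory instead of following the new host name.

```shell
#!/bin/sh
# Added example (not Ubisecure tooling). Helper names are hypothetical.

# Print the LDAP suffix: the principal DN in jndi.properties from "cn=Ubilogin" on.
ldap_suffix() {  # $1 = path to jndi.properties
    sed -n 's/^java\.naming\.security\.principal *= *.*\(cn=Ubilogin,.*\)$/\1/p' "$1" |
        tr -d '\r'
}

# Print the config with uas.url set to the new address and the suffix pinned.
# All other lines (including ldap.url) are passed through unchanged.
rewrite_config() {  # $1 = config file, $2 = new host, $3 = new port, $4 = suffix
    [ -n "$4" ] || { echo "no suffix found, config not rewritten" >&2; return 1; }
    awk -v host="$2" -v port="$3" -v suffix="$4" '
        /^uas\.url *=/ { print "uas.url=https\\://" host "\\:" port; next }
        /^suffix *=/   { print "suffix=" suffix; next }
        { print }
    ' "$1"
}

# Constructed sample input, modelled on the values shown on this page.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'java.naming.provider.url = ldap://localhost:389' \
        'java.naming.security.principal = cn=Server,ou=System,cn=Ubilogin,dc=localhost' \
        > "$dir/jndi.properties"
    printf '%s\n' \
        'uas.url=https\://localhost\:8443' \
        'ubilogin.url=@uas.url@' \
        'ldap.url=ldap\://localhost\:389' \
        'suffix = cn=Ubilogin,@uas.url.host.dn@' \
        > "$dir/unix.config"
    # Review the printed result before replacing the real file with it.
    rewrite_config "$dir/unix.config" new_address.com 9443 \
        "$(ldap_suffix "$dir/jndi.properties")"
    rm -rf "$dir"
}
demo
```

The rewritten config is printed to standard output only; compare it with the existing file and keep a backup before replacing anything.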
Update accounting.url. For additional information, see the configuration instructions:
If you are using a self-signed TLS certificate, generate a new self-signed certificate for the new host name as follows.
Delete old keystore
cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat"
Create new keystore
cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
Update Tomcat
config\tomcat\update.cmd
1 File(s) copied
Ubilogin Server updated at https://login.newplan.com:8445/ubilogin/
Delete old certificate from Java cacerts
"%JRE_HOME%\bin\keytool" -delete -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert
Add new certificate to Java cacerts
"%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx" -alias tomcat -storepass changeit | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
If you have a CA signed certificate (after running setup, otherwise server.xml will be overwritten):
Edit C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml
keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/mycert.pfx"
Add certificate to cacerts
- First find out the alias (te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 below)
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -list -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -storepass <Enter password>
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8, Sep 2, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA1): EF:CB:21:BB:07:13:A7:BE:C6:0C:24:03:0A:18:C6:60:78:B8:5E:27
- Then add to cacerts
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -alias te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 -storepass <Enter password> | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
All OIDC and SAML integrations need a new metadata / configuration if the host name was changed.