When following the instructions given in this manual, it is advisable to type the commands manually instead of copying and pasting them. This is because characters may sometimes be lost or modified in the copying process.
Make sure you have Java installed and JAVA_HOME set according to the Installation requirements - SSO.
Unpack the tar archive to /usr/local/ubisecure.
mkdir -p /usr/local/ubisecure
tar -xzvf sso-x.x.x-unix.tar.gz -C /usr/local/ubisecure
For 64-bit Red Hat Linux, the glibc and libgcc packages for i686 must be installed. An update must also be run for the 64-bit version of libgcc to prevent a version mismatch problem. The Linux Standard Base package is also needed.
yum install glibc.i686
yum update libgcc
yum install libgcc.i686
yum install lsb
Copy the configuration template to /usr/local/ubisecure/ubilogin-sso/ubilogin:
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
cp config/unix.config .
Open the unix.config file in a text editor. Modify the publicly visible URL address of the Ubisecure deployment, which is set with the key uas.url. The installation is only accessible from the local machine if the value is set as localhost. The resulting line for uas.url might look like the following:
uas.url = https://sso.example.com:8443
Before saving the changes, modify the additional Accounting Service related settings.
Example of modified Accounting Service related settings:
accounting.url = https://manage.example.com
accounting.proxy.local.url = https://localhost:8442
accounting.datasource.url = jdbc:postgresql://databasehost:5432/accountingdb
accounting.datasource.username = accounting_user
accounting.datasource.password = Wsop%6deE65-_ftl+tY
Create the configuration files with the setup.sh script.
./setup.sh
New LDAP passwords are generated every time the setup command is executed. For this reason, the
Since SSO version 8.4, with the Accounting Service feature, access to a PostgreSQL database is required for the service to run. If you have already installed Ubisecure CustomerID, you can use the existing PostgreSQL installation, but you need to create a specific database for this purpose. The necessary tables are created automatically during the initial startup of the Accounting Service.
See PostgreSQL preparation on Linux for more information and the steps to follow.
Before continuing with the installation, which will start the Accounting Service, you need to enter and save the secret key contents in the location referred to by accounting.secret-key-location in unix.config. See Accounting Service security about the usage of the key for pseudonymisation. The page contains a suggested script to create a secure enough secret in the default location.
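A pre-flight check of the unix.config settings described above, as an added example that is not part of the Ubisecure documentation or installation package. The function names get_prop and check_unix_config are hypothetical, and it assumes that accounting.secret-key-location holds a plain file path, that https is expected for uas.url, and that GNU stat is available.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of unix.config. Key names are from this page;
# function names and the checks themselves are assumptions, not product code.

# Print the value of "key = value" from the config file (last match wins).
get_prop() {
  awk -v k="$1" '
    /^[ \t]*#/ { next }
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$2"
}

# Print one finding per line; return 0 only when there are none.
check_unix_config() {
  local cfg="$1" n=0 url pw key mode
  url=$(get_prop uas.url "$cfg")
  case "$url" in
    https://localhost*|https://127.*)
      echo "uas.url: only reachable from the local machine"; n=$((n+1)) ;;
    https://*) ;;
    *) echo "uas.url: missing or not https"; n=$((n+1)) ;;
  esac
  # The sample password printed in the manual must never reach a real deployment.
  pw=$(get_prop accounting.datasource.password "$cfg")
  if [ -z "$pw" ] || [ "$pw" = 'Wsop%6deE65-_ftl+tY' ]; then
    echo "accounting.datasource.password: empty or copied from the manual"; n=$((n+1))
  fi
  # Assumption: the value is a plain file path.
  key=$(get_prop accounting.secret-key-location "$cfg")
  if [ -z "$key" ] || [ ! -s "$key" ]; then
    echo "accounting.secret-key-location: key file missing or empty"; n=$((n+1))
  fi
  # unix.config holds the database password in clear text (GNU stat assumed).
  mode=$(stat -c %a "$cfg")
  case "$mode" in
    *00) ;;
    *) echo "unix.config: mode $mode is readable beyond the owner"; n=$((n+1)) ;;
  esac
  [ "$n" -eq 0 ]
}
```

Call it as check_unix_config /usr/local/ubisecure/ubilogin-sso/ubilogin/unix.config before starting the Accounting Service; a non-zero status means at least one finding was printed.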
You may also customise other Accounting Service configuration settings for your needs, which is recommended. See Accounting Service additional configuration about the properties to set.
When customising, edit this file, which is copied from the installation package by the setup script: If the file is not present, copy the default file from this directory:
Install OpenLDAP using the following commands:
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./ldap/openldap/install.sh
Since 8.4, the installation script creates and configures a site named Accounting under the System site, with an OAuth 2.0 application named Accounting. This application is needed for the secured endpoints to access Accounting Service data. The application is allowed to a group named Accounting Users. The System Administrator user is added to this group by default, but you can configure the users otherwise once Ubisecure SSO is running; see SSO Management UI Groups.
If the OpenLDAP install script prompts for LDAP Password, type secret and press return.
In Red Hat 7 the install.sh script fails. As a workaround, start OpenLDAP from the shell by executing:
After OpenLDAP has started, open a new shell and execute the following commands:
After finishing the execution, kill the OpenLDAP instance from the other window.
When using LDAPS,
Run the Tomcat install script to install and configure Tomcat to start automatically when Linux is started. Since version 8.4, the Accounting Service is also installed as such a service.
./config/tomcat/install.sh
The install script does the following:
ubilogin/webapps for Tomcat.
/accounting/config directory.
Start the Ubisecure Accounting service using the following command.
systemctl start ubisecure-accounting
unix.config file before continuing. See Change configuration settings during installation process in Linux. See also Troubleshooting Accounting Service.
The Accounting Service should always be running before SSO is started. Otherwise the SSO log will be filled with errors, although SSO still keeps running if there is enough disk space. If necessary, SSO can recover from an Accounting Service restart without being restarted itself.
Start the Ubisecure SSO process using the following commands.
systemctl start ubilogin-directory
systemctl start ubilogin-server
Continue on page Installation finalisation to finalise and verify the installation.