Install node 1 - SSO

Unpacking the Software

Unpack the tar archive to /usr/local/ubisecure. Assuming the archive is in the current directory, run the following:

Listing 1.
mkdir -p /usr/local/ubisecure
tar xzvf ubilogin-sso-7.x.x.xxxxx.tar.gz -C /usr/local/ubisecure

Copy the configuration template to /usr/local/ubisecure/ubilogin-sso/ubilogin:

Listing 2.
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
cp config/unix.config .

Modifying the configuration template

Open the unix.config file in a text editor and modify the following keys:

uas.url

Set the publicly visible URL address of the Ubisecure SSO deployment with the key uas.url. If the value is set to localhost, the installation is only accessible from the local machine. The resulting line for uas.url might look like the following:

Listing 3.
uas.url = https://sso.example.com

This is the publicly visible URL address of your Ubisecure SSO installation. The value must not include a path component and must not end with a '/' character.

This address must be accessible to all users of this installation. In an installation with front-end reverse proxy servers, this address refers to the first front-end server that is accessible from the public network.

ldap.url

Listing 4.
ldap.url = ldap://127.0.0.1:389

Change the ldap.url value from localhost to 127.0.0.1:389.

suffix

Listing 5.
suffix = cn=Ubilogin,dc=sso,dc=example,dc=com

The suffix defines the name of the Ubisecure Directory. This value and the uas.url value uniquely identify a Ubisecure SSO installation. The name of the Ubisecure Directory cannot be changed without reinstalling the entire system, so choose the suffix carefully.

Reverse Proxy Configuration

Listing 6.
proxy.remote-addr-name = X-Forwarded-For
proxy.local.url = http://localhost:8080

The value "X-Forwarded-For" is commonly used by proxy servers to pass the address of the requesting client. The proxy server must be configured to pass the end-user IP address in this header.

Save the changes and close the unix.config file, then create the configuration files with the setup.sh script:

Listing 7.
./setup.sh
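A pre-flight check for the saved unix.config, to run before the setup.sh step above. This is an added example, not part of the Ubisecure distribution; the function names get_key and lint_config are hypothetical, and it tests only the constraints this page states for uas.url, ldap.url and suffix.

```shell
#!/bin/sh
# Added example: pre-flight lint for unix.config, run before ./setup.sh.
# Assumes the "key = value" line format shown in the listings above.

# get_key FILE KEY: print the trimmed value of the last "KEY = value" line.
get_key() {
    awk -v k="$2" '{
        i = index($0, "="); if (i == 0) next
        name = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == k) v = val
    } END { print v }' "$1"
}

# lint_config FILE: print one line per finding (and the suffix for review); return 1 on any finding.
lint_config() {
    rc=0
    url=$(get_key "$1" uas.url)
    rest=${url#*://}                 # host[:port][/path]
    host=${rest%%[:/]*}
    case $url in
        http://?*|https://?*) ;;
        *) echo "uas.url: missing or not an http(s) URL"; rc=1 ;;
    esac
    case $rest in
        */*) echo "uas.url: must not include a path or end with '/'"; rc=1 ;;
    esac
    [ "$host" != localhost ] ||
        { echo "uas.url: localhost is reachable from the local machine only"; rc=1; }
    ldap=$(get_key "$1" ldap.url)
    case $ldap in
        ldap://127.0.0.1:389) ;;
        *) echo "ldap.url: this guide sets ldap://127.0.0.1:389, found '$ldap'"; rc=1 ;;
    esac
    suffix=$(get_key "$1" suffix)
    case $suffix in
        *=*) echo "suffix: '$suffix' (cannot be changed after installation)" ;;
        *) echo "suffix: missing or not a distinguished name"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: trailing slash on uas.url, ldap.url left at localhost.
sample=$(mktemp)
printf '%s\n' 'uas.url = https://sso.example.com/' \
    'ldap.url = ldap://localhost:389' \
    'suffix = cn=Ubilogin,dc=sso,dc=example,dc=com' > "$sample"
lint_config "$sample" || echo "fix the findings above before running ./setup.sh"
rm -f "$sample"
```

To check a real installation, call lint_config with the path to the edited unix.config in place of the constructed sample.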

Setting up the System User

Run the following command to set up the system user Ubilogin:

Listing 8.
./config/unix/setupuser.sh

The newly-created user will be used for running the Ubisecure SSO and Ubisecure Directory.

Installing OpenLDAP

Install OpenLDAP using the following command:

Listing 9.
./ldap/openldap/install.sh

The install.sh script performs the following tasks:

/etc/init.d/ubilogin-directory start
./import.sh ../cnroot.ldif
./import.sh ../uas.ldif
./import.sh ../secrets.ldif
./import.sh ../system-password.ldif
./import.sh groups.ldif
/etc/init.d/ubilogin-directory stop

When the OpenLDAP install script prompts for the LDAP password, type "secret" and press Return.

Installing Tomcat

Run the Tomcat install script to install and configure Tomcat to start automatically when Linux is started:

Listing 10.
./config/tomcat/install.sh

Start Ubisecure SSO

Start the Ubisecure SSO process using the following commands:

Listing 11.
/etc/init.d/ubilogin-directory start
/etc/init.d/ubilogin-server start

Verifying Installation

Access the Ubisecure SSO Management application using the base URL defined in uas.url of unix.config:

Listing 12.
https://sso.example.com

You will be prompted to log in. The default administrator username is "system" and the password is "admin". A successful installation will show the Ubisecure SSO Management application.