Install node 1 - SSO
Unpacking the Software
Unpack the tar archive to /usr/local/ubisecure
. Assuming the archive is in the current directory, we could do the following:
mkdir -p /usr/local/ubisecure tar xzvf ubilogin-sso-7.x.x.xxxxx.tar.gz -C /usr/local/ubisecure
Copy the configuration template to /usr/local/ubisecure/ubilogin-sso/ubilogin
cd /usr/local/ubisecure/ubilogin-sso/ubilogin cp config/unix.config .
Modifying the configuration template
Open unix.config
file in a text editor. Modify the following keys:
uas.url
Modify the public visible URL address of the Ubisecure SSO deployment, which is set with key uas.url. The installation is only accessible from the local machine if the value is set as localhost
. The resulting line for uas.url
might look like the following:
uas.url = https://sso.example.com
This is the publicly visible URL address of your Ubisecure SSO installation. The value must not include a path component and must not end with a '/' character.
This address must be accessible for all users of this installation. In an installation with front-end reverse proxy servers this address refers to the first front-end server that is accessible from the public network.
ldap.url
ldap.url = ldap://127.0.0.1:389
Modify ldap.url
value from localhost
to 127.0.0.1:389
suffix
suffix = cn=Ubilogin,dc=sso,dc=example,dc=com
The suffix defines the name of the Ubisecure Directory. This value and the uas.url
value uniquely identify a Ubisecure SSO installation. The name of the Ubisecure Directory cannot be changed without reinstalling the entire system, so consider carefully your choice for the suffix.
Reverse Proxy Configuration
proxy.remote-addr-name = X-Forwarded-For proxy.local.url = http://localhost:8080
The value "X-Forwarded-For" is commonly used by proxy servers to pass the address of the requesting client. The proxy server must be configured to pass the end-user IP address in this header.
Save the changes and close the unix.config
file, then create the configuration files with the setup.sh script:
./setup.sh
Setting up the System User
Run the following command to set up the system user Ubilogin:
./config/unix/setupuser.sh
The newly-created user will be used for running the Ubisecure SSO and Ubisecure Directory.
Installing OpenLDAP
Install OpenLDAP using the following command:
./ldap/openldap/install.sh The install.sh script performs the following tasks: /etc/init.d/ubilogin-directory start ./import.sh ../cnroot.ldif ./import.sh ../uas.ldif ./import.sh ../secrets.ldif ./import.sh ../system-password.ldif ./import.sh groups.ldif /etc/init.d/ubilogin-directory stop
When the OpenLDAP install script prompts for LDAP Password, type secret
and press return.
Installing Tomcat
Run the Tomcat install script to install and configure Tomcat to start automatically when Linux is started:
./config/tomcat/install.sh
Start Ubisecure SSO
Start the Ubisecure SSO process using the following commands:
/etc/init.d/ubilogin-directory start /etc/init.d/ubilogin-server start
Verifying Installation
Access the Ubisecure SSO Management application using the base url defined in uas.url
of unix.config
.
https://sso.example.com
You will be prompted to log in. The default administrator username is system and the password is admin. A successful installation will show the Ubisecure SSO Management application.