Windows high availability setup - SSO

NOTE: This steplist can be used to build a high availability setup from scratch or upgrading a single SSO node setup to a high availability setup. Note the following modifications if the goal is to upgrade an existing single node setup to a high availability set up:

In step 1 "AD LDS Installation" do the following configurations to the node 2:

  • AD LDS Installation Steps (Nodes 1 and 2)
  • AD LDS Clustering Setup (Node 2)

Skip the Step 2.

Installation steps

  1. Install AD LDS in both nodes
  2. Install and configure the SSO 1 node as instructed in the single node installation instructions, but do not run the last step (do not start SSO/tomcat)
  3. Install java to the SSO 2 node.
    a)       Obtain and Install Oracle Server JRE 1.8.x and Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

    b)      Set up system wide environment variables

        • Make sure you have the following environment variables set related to Java. Modify the paths according to your Java installation.
          Set JAVA_HOME to C:\Program Files\Java\jdk1.8.0_144 
          Set JRE_HOME to C:\Program Files\Java\jdk1.8.0_144\jre
        • Environment variables can be set Control Panel → System and Security → System → Advanced system settings → Environment Variables → System Variables → New...
  4. Copy the Ubisecure SSO configurations from the first node to the other node.
      • In practice, this means that the SSO installation folder is copied as such
      • Check the win32.config file's parameter ldap.url to see if the LDAP has been installed in the localhost. If the directory (LDAP) connection is something else than "localhost" (LDAPs are installed on their own separate nodes) then modify the C:\Program Files\ubisecure\ubilogin-sso\ubilogin\config\settings.cmd file's LDAP URL parameters on the SSO node 2
        • set LDAP_URL=ldap://<IP address of the LDAP server 2>:389
        • set LDAP_URL_HOSTNAME=<IP address of the LDAP server 2>
        • set LDAP_URL_PORT=389  
  5. Install the Ubisecure SSO tomcat as a servce
    • Run the Tomcat install script to install the Ubisecure SSO Tomcat as a service:

      cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat"
      install.cmd

      The install script does the following:

      • Creates a self-signed SSL certificate for test purposes.
      • Installs the applications in ubilogin/webapps for Ubisecure SSO Tomcat.
      • Installs Ubisecure SSO as a service.
      • Starts the Ubisecure SSO service (i.e., the Tomcat process).
  6. Install and configure the reverse proxy server e.g. the windows reverse proxy
  7. Start SSO in both nodes
  8. Start the reverse proxy server