Installation requirements - SSO
Java, JRE_HOME and JAVA_HOME
Java must be preinstalled on the server (including Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).
We have tested Ubisecure SSO with Oracle Java 8 (at least update 231) 64 bit Server JRE version, AdoptOpenJDK and Red Hat OpenJDK.
If you want to use a newer Java version check with our support if we have already tested Ubisecure SSO with it.
You can find the download site in the address: http://www.oracle.com/technetwork/java/javase/downloads/index.html
Refer to Oracle online documentation for installing the Server JRE: https://docs.oracle.com/javase/8/docs/technotes/guides/install/linux_server_jre.html
Instructions to install JCE Policy Files are included in the download package. Starting from Java 8 update 162 the unlimited policy is enabled by default.
Set up a system wide JRE_HOME and JAVA_HOME environment variables
Set the JRE_HOME environment variable so it refers to the Server JRE's
jredirectory (e.g. JRE_HOME=/usr/local/jdk1.8.0_231/jre)Since v. 8.4. also JAVA_HOME needs to be set but it can refer to the same location as JRE_HOME
In Linux, this can be done by modifying the /etc/environment file
You may have to modify the /etc/sudoers file so that the environment variables are properly exported for the root user. Use the visudo command for this. Note that you will need to restart the root's shell so the settings will take effect.
Edit /etc/sudoers and add the JRE_HOME and JAVA_HOME environment variables to env_keep
Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" ... # Add line below to keep the JRE_HOME and JAVA_HOME environment variables as a root user Defaults env_keep += "JRE_HOME JAVA_HOME"
In Windows, environment variables can be set Control Panel → System and Security → System → Advanced system settings → Environment Variables → System Variables → New...
Network requirements
For production installations you must have a load balancer or proxy in front of Ubisecure SSO with the following suggested configuration.
Component | Publicly facing URL (default port 443) | Paths | Internal root URL* | Example |
|---|---|---|---|---|
Ubisecure SSO |
|
|
|
=>
|
Ubisecure SSO Management |
|
|
|
=>
|
Ubisecure Accounting Service browser endpoints |
|
NOTE: you may not desire to allow |
|
=>
|
* Either http or https scheme, host name, and the port number can be defined during installation.
System software requirements
Ubisecure requires SSL encrypted HTTP communications to operate securely. These pages provide instructions on setting up SSL with the provided Tomcat server (Ubilogin Server) using Certificate Authority-signed SSL server certificate. A self-signed certificate is automatically generated by the installation scripts for test purposes. A production environment requires a server certificate issued by a trusted third party (Certificate Authority, CA).
Since SSO version 8.4 with Accounting Service feature a PostgreSQL Server RDBMS installation is a required system component. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for Accounting Service storage needs. Guidelines are given here for linux and here for Windows.
Supported operating systems
Please refer to System recommendations - SSO.