Last reviewed: 2020-05-29

IMPORTANT: Sign in using an Administrator account - the same account used during initial product installation.

Make sure you have Java installed, JRE_HOME and JAVA_HOME set according to Installation requirements - SSO.
Stop the services that are running, ubisecureaccounting is a new service since 8.4.
```
net stop ubiloginserver
net stop ubilogindirectory
net stop ubisecureaccounting
```
Backup and restore - Ubisecure Directory

Remove SSO and Accounting Service Windows service configurations

cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\remove.cmd

Move the existing installation to ubilogin-sso-old directory.

cd /d "C:\Program Files\Ubisecure\"
move ubilogin-sso ubilogin-sso-old

Extract the archive ubilogin-sso-8.x.x.xxxxx.zip to a temporary location.
Move the complete unzipped ubilogin-sso directory from the distribution package to C:\Program Files\Ubisecure.

Copy win32.config and config.index file from the older version. Overwrite config.index.

copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\win32.config" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\config.index" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config.index"

If upgrading from version prior to 6.8, add the following lines to the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config, if not there yet.
```
tomcat.instancename = UbiloginServer
tomcat.username = NT AUTHORITY\\LocalService
adam.username = NT AUTHORITY\\NetworkService
```

When upgrading from version 8.3.x or older, add the Accounting Service related settings if they do not exist in the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config. Modify the settings according to these guidelines.

# Accounting configuration
accounting.url = https://localhost:8442
accounting.proxy.local.url = @accounting.url@
accounting.instancename = UbisecureAccounting
accounting.username = @tomcat.username@
accounting.datasource.url = jdbc:postgresql://localhost:5432/accountingdb
accounting.datasource.username = 
accounting.datasource.password = 
accounting.secret-key-location-uri = file:///${user.dir}/config/accounting-service.secret
accounting.actuator.username = accounting_admin
accounting.actuator.password = 
accounting.jms.broker.port = 36161
accounting.jms.broker.socket-timeout-ms = 10

When upgrading from version 8.4 or later, copy Accounting Service logs from the old SSO version:

mkdir "C:\Program Files\Ubisecure\ubilogin-sso\accounting\logs"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\logs" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\logs"

When upgrading from version 8.4 or later, depending of the location of your Accounting Service secret key you may need to copy the file from the older version. NOTE: The secret key must be the same during the entire reporting period which is a month, see Accounting Service security. Example (use the path you have set in the configuration):
```
mkdir "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\config\accounting-service.secret" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config"
```

Copy the following files and directories (recursively) from the previous installation to the matching ubilogin-sso directory. Note that both Tomcat and Ubisecure SSO logs are retained.

xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\custom" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\methods" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\methods" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\logs" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\logs" /e /y
xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\logs" "C:\Program Files\Ubisecure\ubilogin-sso\tomcat\logs" /e /y
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\uas\WEB-INF\uas.properties" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\uas.properties"
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\cdc\WEB-INF\config.properties" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\cdc\WEB-INF\config.properties" /y
copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\ROOT\robots.txt" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\ROOT\robots.txt"

Check the Common Domain Cookie Discovery.
NOTE:
Common Domain Cookie Discovery: Check from the current installation if Common Domain Cookie Discovery is installed . To check, examine the file
C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\conf\server.xml
If the path /cdc is not commented out, Common Domain Cookie Discovery has been enabled in the previous installation.If Common Domain Cookie Discovery has been installed prior to the update, re-enable the settings after update according to the Common Domain Cookie Discovery document.
Run the setup script

NOTE: Ubisecure System Administrator password will be reset after upgrading the directory. The password will be set to the default value specified in the configuration file (win32.config or unix.config) with the key system.password.
You should either
a) Set the default password in the configuration file to a new stronger password before updating, or
b) Block external HTTP/S access to the system during the update process. You will be prompted to enter a new system password during the first login attempt. After the password is changed, unblock access to the system.
```
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
setup.cmd
```
When upgrading from version 8.3.x or older, install and prepare PostgreSQL. Since SSO version 8.4 with Accounting Service feature access to PostgreSQL database is required for the service to run. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for this purpose. The necessary tables are automatically created during the initial startup of the Accounting Service. See PostgreSQL preparation on Windows for more information and steps to accomplish.
Start the UbiloginDirectory service
```
net start ubilogindirectory
```
Upgrading Ubisecure Directory

To update your ADAM or AD LDS installation, the schema and directory settings of the instance must be updated. Before starting, make sure that you are logged in with the same user account that was used to install ADAM or AD LDS.
To update the schema and directory settings, execute the command adaminstall.cmd shown below.This command updates the LDAP schema and does not delete existing user or configuration data.
```
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap"
adam\adaminstall.cmd
```
Add new entries and update LDAP secrets:
```
adam\import-changes.cmd
```
Check Password application.
NOTE:
Password: Check from the current installation if Password application is enabled. To check, examine the file
C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\conf\server.xml
If the path /password is not commented out, Password application has been enabled in the previous installation.
Skip this step if the Password application is not enabled.
Copy the following files to the matching ubilogin-sso directory:
```
C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\password.properties
C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\saml2
```
Edit server.xml file and uncomment:
<Context path="/password" docBase="${catalina.base}/webapps/password"/>
```
notepad C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml
```
Also check web.xml for mail.smtp.host and mail.smtp.from configuration and copy those to new web.xml (C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\password\WEB-INF\web.xml)
```
notepad C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\web.xml
```
When upgrading from version 8.3.x or older, configure Accounting Service
Before continuing with the installation which will start the Accounting Service you need to enter and save the secret key contents in the location referred by accounting.secret-key-location in win32.config. See Accounting Service security about the usage of the key for pseudonymisation. The page contains a suggested script to create a secure enough secret in the default location.
You may also customise other Accounting Service configuration settings for your needs, which is recommended. See Accounting Service additional configuration about the properties to set.

When customising edit this file which is copied from the installation package by the setup script: C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\accounting\config\application.yaml
Update Tomcat and Accounting Service configuration and restart the services. Since version 8.4 remove should be done before installation directory is replaced. About Accounting Service start see also Windows single node installation.
```
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\install.cmd
```
The system upgrade is complete. See also Single node installation finalization.

NOTE: If you have Ubisecure CustomerID installed, you need to copy the Authorizer files at this point. For instructions, please see document Ubisecure CustomerID Installation, chapter Customer ID SSO Adapter Installation on Windows.
Either securely remove the backed up ubilogin-sso-old directory, or rename it and store it in a secure location. All configuration files in the old installation directory (win32.config and unix.config) should either be removed from the system or otherwise protected from unauthorized users.
Clear your web browser’s cache before accessing the user interface.

Browser not supported