SSO Installation Accounting Service settings - SSO

These are the Accounting Service related settings to be specified during SSO installation or upgrade in win32.config/unix.config. During the installation process these settings are turned into Accounting Service configuration properties. See the Accounting Service additional configuration to learn about additional configuration capabilities.

If you need to make changes to these properties during the installation process follow the environment specific instructions:

If you need to make changes to these properties after the installation and when the service has already been in use check also the upgrade instructions for your environment:

NOTE: do not leave any trailing spaces in the settings as they are mostly significant.

Field name	Required	Default	Field description
accounting.url	Yes	`https://localhost:8442`	The public URL of the Accounting Service configured in the load balancer or proxy as instructed in the Installation requirements page. The URL is needed for OAuth2 authentication configuration. If you leave the default value it would be accessible only from the local machine. NOTE: If you need to change this after initial installation Ubisecure Directory needs to be updated with the appropriate script (`import-changes`).
accounting.proxy.local.url	Yes	`accounting.url`	The internal URL of the Accounting Service configured in the load balancer or proxy. The URL scheme can be `http` or `https`. By default self-signed certificate with the default password is applied for TLS. About TLS settins see Accounting Service security.
accounting.datasource.url	Yes	`jdbc:postgresql://localhost:5432/accountingdb`	JDBC URL referring to the PostgreSQL database created for the Accounting Service in the following format: jdbc:postgresql://<host>:<port>/<database-name> It is recommended to use only lowercase letters in the database name.
accounting.datasource.username	Yes		The user owning the database, it is recommended to use only lowercase letters in the user name.
accounting.datasource.password	No	If left empty a password is generated by the setup script	The password of the user owning the database.
accounting.secret-key-location-uri	Yes	`file:///${user.dir}/config/accounting-service.secret` where `/${user.dir}` results to the Accounting Service installation and execution directory e.g. in linux:`/usr/local/ubisecure/ubilogin-sso/accounting` and Windows (with forward slashes as supposed to in an URI): `C:/Program Files/Ubisecure/ubilogin-sso/accounting`	URI path for the secret key storage location the application has access to read the secret key for pseudonymisation of personal data, see Accounting Service security / Pseudonymisation. The administrator needs to manage this file during the installation. Note that in a clustered environment each node needs to have the same key value to generate unique user IDs correctly. NOTE: Value must be an URI (https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) that has scheme `file` and thus starts with `file://` but may refer to a network resource.
`accounting.actuator.username`	Yes	`accounting_admin`	HTTP Basic authentication username for the Accounting Service management end-points. In Windows environment this is used to shutdown the Accounting Service.
`accounting.actuator.password`	No	If left empty a password is generated by the setup script	HTTP Basic authentication password for the Accounting Service management end-points. In Windows environment this is used to shutdown the Accounting Service.
accounting.jms.broker.port	Yes	`36161`	SSO communicates with Accounting Service through a Java™ Message Server (JMS) broker in the same local host. This is the port number for the broker. NOTE: If you need to change this after initial installation Ubisecure Directory needs to be updated with the appropriate script (`import-changes`).
accounting.jms.broker.socket-timeout-ms	Yes	`10` (milliseconds)	Timeout for SSO to connect to the Accounting Service JMS broker in milliseconds. This should be set to the shortest possible value the socket connection can be opened in your environment within the same host. NOTE: If you need to change this after initial installation Ubisecure Directory needs to be updated with the appropriate script (`import-changes`).
`accounting.instancename`	Yes	`ubisecure-accounting` (Linux) `UbisecureAccounting` (Windows)	The Accounting Service name in the system you probably don't need to change.
`accounting.username`	Windows only	`@tomcat.username@ => NT AUTHORITY\\LocalService`	The user managing Accounting Service as a Window service you probably don't need to change.

Example of Accounting Service related settings in unix.config:

accounting.url = https://accounting.example.com
accounting.proxy.local.url = http://localhost:8084
accounting.datasource.url = jdbc:postgresql://databasehost:5432/accountingdb
accounting.datasource.username = accounting_user
accounting.datasource.password = Wsop%6deE65-_ftl+tY
accounting.secret-key-location-uri = file:///usr/local/ubisecure/secrets/accounting/keyfile
accounting.actuator.username = accounting_admin
accounting.actuator.password = Olde%64_/1968ASk
accounting.jms.broker.port = 36161
accounting.jms.broker.socket-timeout-ms = 20
accounting.instancename = ubisecure-accounting