SSO Installation Accounting Service settings - SSO
These are the Accounting Service related settings to be specified during SSO installation or upgrade in
. During the installation process these settings are turned into Accounting Service configuration properties. See the Accounting Service additional configuration to learn about additional configuration capabilities.win32.config
/unix.config
If you need to make changes to these properties during the installation process follow the environment specific instructions:
- Change configuration settings during installation process in Linux
- Change configuration settings during installation process in Windows
If you need to make changes to these properties after the installation and when the service has already been in use check also the upgrade instructions for your environment:
Field name | Required | Default | Field description |
---|---|---|---|
accounting.url | Yes | https://localhost:8442 | The public URL of the Accounting Service configured in the load balancer or proxy as instructed in the Installation requirements page. The URL is needed for OAuth2 authentication configuration. If you leave the default value it would be accessible only from the local machine. NOTE: If you need to change this after initial installation Ubisecure Directory needs to be updated with the appropriate script ( |
accounting.proxy.local.url | Yes | accounting.url | The internal URL of the Accounting Service configured in the load balancer or proxy. The URL scheme can be By default self-signed certificate with the default password is applied for TLS. About TLS settins see Accounting Service security. |
accounting.datasource.url | Yes | jdbc:postgresql://localhost:5432/accountingdb | JDBC URL referring to the PostgreSQL database created for the Accounting Service in the following format: jdbc:postgresql://<host>:<port>/<database-name> It is recommended to use only lowercase letters in the database name. |
accounting.datasource.username | Yes | The user owning the database, it is recommended to use only lowercase letters in the user name. | |
accounting.datasource.password | No | If left empty a password is generated by the setup script | The password of the user owning the database. |
accounting.secret-key-location-uri | Yes | file:///${user.dir}/config/accounting-service.secret where /${user.dir} results to the Accounting Service installation and execution directory e.g. in linux: and Windows (with forward slashes as supposed to in an URI): | URI path for the secret key storage location the application has access to read the secret key for pseudonymisation of personal data, see Accounting Service security / Pseudonymisation. The administrator needs to manage this file during the installation. Note that in a clustered environment each node needs to have the same key value to generate unique user IDs correctly. NOTE: Value must be an URI (https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) that has scheme |
accounting.actuator.username | Yes |
| HTTP Basic authentication username for the Accounting Service management end-points. In Windows environment this is used to shutdown the Accounting Service. |
accounting.actuator.password | No | If left empty a password is generated by the setup script | HTTP Basic authentication password for the Accounting Service management end-points. In Windows environment this is used to shutdown the Accounting Service. |
accounting.jms.broker.port | Yes | 36161 | SSO communicates with Accounting Service through a Java™ Message Server (JMS) broker in the same local host. This is the port number for the broker. NOTE: If you need to change this after initial installation Ubisecure Directory needs to be updated with the appropriate script ( |
accounting.jms.broker.socket-timeout-ms | Yes | 10 (milliseconds) | Timeout for SSO to connect to the Accounting Service JMS broker in milliseconds. This should be set to the shortest possible value the socket connection can be opened in your environment within the same host. NOTE: If you need to change this after initial installation Ubisecure Directory needs to be updated with the appropriate script ( |
accounting.instancename | Yes |
| The Accounting Service name in the system you probably don't need to change. |
accounting.username | Windows only | @tomcat.username@ => | The user managing Accounting Service as a Window service you probably don't need to change. |
Example of Accounting Service related settings in unix.config
:
accounting.url = https://accounting.example.com accounting.proxy.local.url = http://localhost:8084 accounting.datasource.url = jdbc:postgresql://databasehost:5432/accountingdb accounting.datasource.username = accounting_user accounting.datasource.password = Wsop%6deE65-_ftl+tY accounting.secret-key-location-uri = file:///usr/local/ubisecure/secrets/accounting/keyfile accounting.actuator.username = accounting_admin accounting.actuator.password = Olde%64_/1968ASk accounting.jms.broker.port = 36161 accounting.jms.broker.socket-timeout-ms = 20 accounting.instancename = ubisecure-accounting