Finalise Accounting Service installation - SSO
Steps
Accounting Service is installed as part of SSO installation / upgrade. You can find instructions on how to install and upgrade Ubisecure SSO in Installation - SSO and Upgrade - SSO, respectively. Read and proceed with those instructions first.
Verify components installed
A successful installation consists of these components:
- Configuration of the Accounting Service integration in the SSO directory entry:
CN=Ubisecure Accounting
underCN=Services, OU=System
Accounting
site and application in SSO directory- Accounting Service, which is a standalone Spring Boot application running as a service in your operating system (
ubisecure-accounting
), see Verify the running service below
Finalise access rights
After the installation you will have a Accounting
application in SSO that you can verify and manage with Management user interface - SSO. This application controls access to the Accounting Service endpoints like reporting, see Using Accounting Service.
Figure 1. Accounting application in SSO Management |
Accounting
application in the group named Accounting Users
according to your needs, see SSO Management UI Groups.Verify the running service
In order to verify that Accounting Service has been successfully installed or upgraded and started follow the guidelines in the subsequent sections. See Troubleshooting Accounting Service if any of the steps fail.
Accounting Service log
Verify from the application log (by default accounting/logs/ids-accounting.log
under ubilogin-sso
installation directory) that the service has started without errors.
2019-08-23 02:33:23.464 INFO 23901 --- [main] o.a.activemq.broker.TransportConnector : Connector vm://localhost started 2019-08-23 02:33:25.683 INFO 23901 --- [main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8442 (https) with context path '' 2019-08-23 02:33:25.685 INFO 23901 --- [main] c.u.i.a.AccountingServiceApplication : Started AccountingServiceApplication in 28.442 seconds (JVM running for 29.785)
The following warning is harmless:
2019-08-23 02:33:23.461 WARN 23901 --- [main] o.apache.activemq.broker.BrokerRegistry : Broker localhost not started so using localhost-36161 instead
Accounting Service health check
To access Accounting Service actuator endpoints you can naturally use also curl
or similar tool instead of the browser. Provide credentials in the Authorization
header as advised e.g. inhere: https://en.wikipedia.org/wiki/Basic_access_authentication.
Preconditions:
- Accounting Service needs to be running
- Need to know the HTTP Basic authentication credentials, see Accounting service management / Actuator endpoint authentication
Steps with browser:
- Open browser and navigate to the following path:
http(s)://<host>:<port>/actuator/health
Enter the credentials
Figure 2. Entering Accounting Service health check credentials Verify from the response that the overall status and status of each component is 'UP'
Figure 3. Accounting Service health check response in JSON format In normal conditions, the results will read "UP" and the endpoint will return a HTTP 200 error response.
In error conditions, the results will read "DOWN" or "OUT_OF_SERVICE" and the endpoint will return a HTTP 503 error response.
If you don't perceive the expected outcome see Troubleshooting Accounting Service.
Accounting Service version info
Preconditions:
- Accounting Service needs to be running
- Need to know the HTTP Basic authentication credentials, see Accounting service management / Actuator endpoint authentication
Steps:
- Open browser and navigate to the following path:
http(s)://<host>:<port>
/actuator/info Enter the credentials as above
Verify from the response that the version number is correct, The first two numbers here (e.g.
1.0
) should match with the installed version.Figure 4. Accounting Service info response in JSON format
Verify the functionality
See also Using Accounting Service.
Accounting Service OAuth2 authentication check
Preconditions:
- Accounting Service needs to be running
- SSO need to be running
- Need to know the
Accounting
OAuth2 application allowed user credentials in SSO
Steps:
- Open browser and navigate to the following URL:
(the actual URL depends on your network configuration, see Network requirements)
/reporthttps://accounting.example.com
/accounting Enter the credentials in SSO
A CSV download file with total of 0 users is downloaded (when this check is done before the first scheduled monthly calculation)
Monthly active unique user counts empty CSV exampleMonth,Authentication Method,User Count 2019-03,TOTAL,0
Verify the audit log events about the access has been written, see Accounting Service logging / Audit log
If you don't perceive the expected outcome see Troubleshooting Accounting Service.
Verify SSO event recording in the Accounting Service
Preconditions:
- Accounting Service needs to be running
- SSO need to be running
- Need to know the
Accounting
OAuth2 application credentials in SSO
Steps:
- Authenticate into some other SSO managed application than
Accounting
and preferably with some other user or other authentication method than password - Open browser and navigate to the following kind of URL:
where
/accounting/verify/events/<yyyy-MM-dd>https://accounting.example.com
<yyyy-MM-dd>
is replaced with the current date, see Using Accounting Service Enter the credentials in SSO
A CSV download file with an event for each authentication on that day is downloaded, the last row shows the last event
Daily successful authentication events CSV exampleTimestamp,Authentication Method,Pseudonymised User ID 2019-03-15T09:09:00Z,PASSWORD,3b4e5ba2d62e69b6de6730d407f94c999b01c17e10b0d110ed98dfffcbd92191
If you don't perceive the expected outcome see Troubleshooting Accounting Service.