SSO adapter upgrade on Linux - CustomerID

Ubisecure CustomerID package includes the Ubisecure CustomerID SSO Adapter extension to the Ubisecure SSO (it was previously called Ubisecure CustomerID Authorizer). It needs to be installed so that role based policies can be utilized in Ubisecure CustomerID. It also includes functionality related to user driven federations.

NOTE: If you are upgrading from an installation where the previous Ubisecure CustomerID SSO Adapter has been from an Ubisecure CustomerID version below 5.0.x then you need to remove old Ubisecure CustomerID Authorizer files. The files that need to be removed are: commons-lang.jar, eidm2-authorizer.jar, eidmutil.jar, json-simple.jar and jsr305.jar. Remove the files from these folders: /usr/local/ubisecure/ubilogin-sso/tomcat/webapps/uas/WEB-INF/lib and /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/lib

  1. Define UBILOGIN_HOME environment variable for the Ubisecure SSO server so that it points to the Ubisecure SSO installation path: /usr/local/ubisecure/ubilogin-sso/ubilogin

    export UBILOGIN_HOME=/usr/local/ubisecure/ubilogin-sso/ubilogin
  2. Transfer the cid-sso-adapter-package-x.x.x-linux.tar.gz file to the Ubisecure SSO server and extract it for example under the following folder: /usr/local/ubisecure. Make sure that cid-sso-adapter folder is empty if it exists before extracting the .tar.gz file
  3. Run the Ubisecure CustomerID SSO Adapter update script: 

    cd /usr/local/ubisecure/cid-sso-adapter
    ./update.sh

    The Ubisecure CustomerID SSO Adapter jar files will be integrated to the Ubisecure SSO installation.

  4. Remove older versions of duplicate jar files from Ubisecure SSO: /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/lib

    NOTE: If you are upgrading from an installation where the previous Ubisecure CustomerID SSO Adapter has been from an Ubisecure CustomerID version equal or higher than 5.0.x then you need to remove old versions of Ubisecure CustomerID SSO Adapter related jar files. The files that need to be checked are: cid-model-x.x.x.jar, cid-sso-adapter-x.x.x.jar, cid-util-x.x.x.jar, commons-lang3-x.x.jar, guava-x.x.jar and json-simple-x.x.x.jar. Remove the old versions of these files from these folders: /usr/local/ubisecure/ubilogin-sso/tomcat/webapps/uas/WEB-INF/lib and /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/lib. The removal should be done after running the update.sh script.

  5. Ensure that all files in ubilogin-sso folder have correct owner and group. 

    chown -R ubilogin:ubilogin /usr/local/ubisecure/ubilogin-sso
  6. NOTE: If you are upgrading from an installation where the previous Ubisecure CustomerID SSO Adapter has been from an Ubisecure CustomerID below 5.0.x then you need to check the attribute-prefix.index configuration file contents. The value for the eimd property has changed from com.ubisecure.customerid.authorizer.EIDM2Authorizer to com.ubisecure.customerid.authorizer.CidAuthorizer.

    Run update on Ubisecure SSO in order to finalize the upgrade of the Ubisecure CustomerID SSO Adapter. 

    /etc/init.d/ubilogin-server stop
    cd /usr/local/ubisecure/ubilogin-sso/ubilogin
    config/tomcat/update.sh
    /etc/init.d/ubilogin-server start
  7. Ensure that the diagnostic log (uas3_diag.yyyy-mm-dd.log, which is by default located at /usr/local/ubisecure/ubilogin-sso/ubilogin/logs) contains the following rows (with the current time): 

    2016-09-20 13:33:17,465 init CustomerID Authorizer started
    2016-09-20 13:33:17,465 authz eidm.authorizer: CidAuthorizer init started.
    2016-09-20 13:33:17,606 init CustomerID SQL: customeriddb PostgreSQL x.x.x
    2016-09-20 13:33:17,632 authz eidm.authorizer: CidAuthorizer init done.
    2016-09-20 13:33:17,632 init eidm: com.ubisecure.customerid.authorizer.CidAuthorizer: started