Installation requirements - SSO

Owned by John Jellema
2021-12-17
2 min read

Java, JRE_HOME and JAVA_HOME

  1. Java must be preinstalled on the server (including Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).
    • Review the System Recommendations and Supported Platforms page to get information about which Java 8 version we currently support. Download one of the supported versions and follow their installation documentation.
    • If you want to use a newer Java version check with our support if we have already tested Ubisecure SSO with it.

  2. Set up a system wide JRE_HOME and JAVA_HOME environment variables

    • Set the JRE_HOME environment variable so it refers to the Server JRE's jre directory (e.g. JRE_HOME=/usr/local/jdk1.8.0_231/jre)
    • Since v. 8.4. also JAVA_HOME needs to be set but it can refer to the same location as JRE_HOME
    • In Linux, this can be done by modifying the /etc/environment file

      • You may have to modify the /etc/sudoers file so that the environment variables are properly exported for the root user. Use the visudo command for this. Note that you will need to restart the root's shell so the settings will take effect.

        Edit /etc/sudoers and add the JRE_HOME and JAVA_HOME environment variables to env_keep
        Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
...
# Add line below to keep the JRE_HOME and JAVA_HOME environment variables as a root user
Defaults    env_keep += "JRE_HOME JAVA_HOME"

    • In Windows, environment variables can be set Control Panel → System and Security System Advanced system settings → Environment Variables → System Variables → New...


Network requirements

For production installations you must have a load balancer or proxy in front of Ubisecure SSO with the following suggested configuration.

ComponentPublicly facing URL (default port 443)PathsInternal root URL*Example
Ubisecure SSOhttps://login.example.com
/uas/*
/password-reset/*
/password/*
/cdc/*		http://localhost:8080

https://login.example.com/uas

=>

http://localhost:8080/uas

Ubisecure SSO Managementhttps://manage.example.com
/ubilogin/*
/logviewer/*
/search/*
/sso-api/*
/otpserver/*		http://localhost:8081

https://manage.example.com/ubilogin

=>

http://localhost:8080/ubilogin

Ubisecure Accounting Service browser endpointshttps://accounting.example.com

/accounting/*
/oauth2/*
/login/*
/api/*


NOTE: you may not desire to allow /actuator/* end points publicly

http://localhost:8084

https://accounting.example.com/accounting/report

=>

http://localhost:8084/accounting/report


* Either http or https scheme, host name, and the port number can be defined during installation.

System software requirements

Ubisecure requires SSL encrypted HTTP communications to operate securely. These pages provide instructions on setting up SSL with the provided Tomcat server (Ubilogin Server) using Certificate Authority-signed SSL server certificate. A self-signed certificate is automatically generated by the installation scripts for test purposes. A production environment requires a server certificate issued by a trusted third party (Certificate Authority, CA).

Since SSO version 8.4 with Accounting Service feature a PostgreSQL Server RDBMS installation is a required system component. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for Accounting Service storage needs. Guidelines are given here for linux and here for Windows.

Supported operating systems

Please refer to Identity Server System Recommendations and Supported Platforms

Ubisecure Privacy Policy & Cookie Statement