Change configuration settings during installation process in Linux - SSO

Owned by ubisebastian
Last updated: 2022-05-19 by Former user (Deleted)
2 min read

When installing SSO after executing the setup script you may end up in a situation where you need to change either of these settings or both of them:

  1. SSO and Accounting Service related settings in the unix.config file
  2. Accounting Service additional configuration in the custom/accounting/config/application.yaml file.

Follow these guidelines.

Steps

In the steps below we assume that the working directory is /usr/local/ubisecure/ubilogin-sso/ubilogin

Modify settings in unix.config (optional)

Modify settings in the unix.config file and save the file.

Pay no attention to the escaped colon characters in the unix.config file. These syntax examples are in practice the same:

jdbc\:postgresql\://localhost\:5432/accountingdb

jdbc:postgresql://localhost:5432/accountingdb

Run setup again

After these changes you need to run setup again:

./setup.sh

Update secrets and Accounting Service settings into directory

Import the new LDAP secrets which are changed always when the setup script is executed, and Accounting Service settings which may have changed, start LDAP if not running:

systemctl start ubilogin-directory
./ldap/openldap/import-changes.sh

If you do more fundamental changes to the LDAP settings you need to reinstall LDAP again with the install script.

Recreate the self-signed SSL certificate for test purposes (optional)

If you have changed the host name in your settings and specify TLS for the local URLs the self-signed certificate needs to be recreated. In order to do so remove the one already created if you have installed SSO before running the install script again, or create the certificate with the respective script:

rm ./custom/tomcat/keystore.pfx
./config/tomcat/cert.sh

Remember to update (delete + add) the server certificate, see Add Server Certificate to Java Trust Store.

Modify Accounting Service configuration in application.yaml (optional)

Use your favorite editor, for example:

vi custom/accounting/config/application.yaml

Stop the services (optional)

If the Accounting Service originally failed to start it is better to stop at least SSO server or you can stop both of the services to keep control on starting them:

systemctl stop ubilogin-server

In this case start the manually stopped services in the opposite order after update like explained in Starting and stopping the services

Update the services

Use update, which also restarts the services which were running:

./config/tomcat/update.sh

You can also use remove + install instead of update to recreate the services.


Ubisecure Privacy Policy & Cookie Statement