Configuration and setup application to create configurations - SSO

Configuration template

The Ubisecure SSO software package includes a configuration application that is used to generate configuration files and scripts for required software components. The Ubisecure SSO software package contains two configuration templates in the config directory:

  • win32.config for Windows
  • unix.config for Linux.

The files located in the config directory should not be modified. You should copy the example file to the root directory of the installation, e.g., C:\Program Files\Ubisecure\ubilogin-sso\ubilogin, and modify it there using a text editor.

The following chapter provides more information about the settings in the configuration templates. The default settings in the templates can be used for a local installation, which should only be used for evaluation. If you are installing Ubisecure SSO in a production environment, consider the configuration settings carefully, especially the uas.url and suffix settings. Note that changing uas.url while leaving suffix unchanged would require a complete reinstallation.

Please use forward slashes (‘/’) in all path values in the configuration template. Do not include a trailing slash (‘/’) character in the path values.

The Macro language

The Ubisecure SSO configuration files use a macro language to fill in configuration file values (taken from the SSO configuration file win32.config or unix.config) when SSO is installed.

Setup, generation of SSO configuration files

When is the Setup script needed?

The setup script needs to be run whenever there are changes to the applications managed by it. There are three cases where it is necessary to run the setup script:

  1. When Ubisecure SSO is first installed
  2. When the file unix.config or win32.config has been modified
  3. During the Ubisecure SSO upgrade process

When you have finished editing the win32.config or unix.config file, you can generate the setup using the following commands:

Running the setup script on Windows

cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"

Running the setup script on Linux

cd /usr/local/ubisecure/ubilogin-sso/ubilogin

This command generates the configuration files for the required software components. During the process the command also generates new random secrets and passwords for Ubisecure components.

NOTE: New LDAP passwords are generated every time the setup command is executed. For this reason, the secrets.ldif file must be imported to the LDAP directory after running the setup script. After this, the Tomcat update script must be run to have the applications use the new passwords. See Applications upgrade - SSO for more details about the update process.

Updating the LDAP passwords on Windows

Updating the application-specific LDAP passwords on Windows

ldap\adam\import.cmd ldap\secrets.ldif

Updating the LDAP passwords on Linux

Updating the application-specific LDAP passwords on Linux

./ldap/openldap/ ldap/secrets.ldif

Security considerations

One of the generated random values is the Ubisecure Directory encryption key. This key is written to the win32.config or unix.config file in the root of your installation directory. The original file is copied to a backup file. The file with the encryption key is needed if regeneration of the configuration files is performed. Care should be taken to protect the configuration files from unauthorized users.
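One way to check this on Linux after each run of the setup script is sketched below. This is an added example, not part of the Ubisecure SSO package. It assumes that the backup copy is kept beside unix.config and shares its name as a prefix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Ubisecure code). Audits the SSO configuration file that
# holds the Ubisecure Directory encryption key, plus its backup copies.
# Assumption: backups live beside unix.config and share its name as a prefix.

# Print every unix.config* file in DIR that group or others can access.
# Returns 0 if all are owner-only, 1 if any is exposed, 2 on a bad argument.
audit_sso_config() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    exposed=0
    for f in "$dir"/unix.config*; do
        [ -f "$f" ] || continue            # unmatched glob or non-regular file
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "exposed ($bits): $f"
            exposed=1
        fi
    done
    return "$exposed"
}

# Restrict the same files to read/write by their owner only.
harden_sso_config() {
    dir=$1
    for f in "$dir"/unix.config*; do
        [ -f "$f" ] || continue
        chmod 600 "$f"
    done
}

# Stand-alone use: sh audit.sh /usr/local/ubisecure/ubilogin-sso/ubilogin
if [ "$#" -gt 0 ]; then
    audit_sso_config "$1"
fi
```

The owner of the files must remain the account that runs the setup script, because the file with the encryption key is read again when the configuration files are regenerated.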