/
Upgrade on Windows - SSO

Upgrade on Windows - SSO

2022-06-15

These are the upgrade instructions to the latest release: SSO 9.0. If you are upgrading to a SSO 8.x.x version, please check the upgrade instructions for that particular release.

In the SSO version 9.0 Java 8 is replaced with Java 11 which needs to be taken into account in the upgrade process:

  • step 1 for the previous version (Java 8)

  • steps 6 and 25 for the new version (Java 11)



IMPORTANT: Sign in using an Administrator account - the same account used during initial product installation.



  1. For the version to be removed, make sure you still have Java 8 installed and JRE_HOME and JAVA_HOME set

  2. Stop the services that are running, ubisecureaccounting is a new service since 8.4. 

    net stop ubiloginserver net stop ubilogindirectory net stop ubisecureaccounting

  3. Backup and restore - Ubisecure Directory

  4. Remove SSO and Accounting Service Windows service configurations

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" config\tomcat\remove.cmd

  5. Move the existing installation to ubilogin-sso-old directory.  

    cd "C:\Program Files\Ubisecure\" move ubilogin-sso ubilogin-sso-old

  6. Replace Java installation with Java 11

    1. If you have a CustomerID installation running on the same SSO server node, stop the WildFly service at this point:

      net stop wildfly

    2. Remove Java 8 installation

    3. Install Java 11 and set JAVA_HOME according to Installation requirements - SSO

  7. Extract the archive ubilogin-sso-8.x.x.xxxxx.zip to a temporary location.

  8. Move the complete unzipped ubilogin-sso directory from the distribution package to C:\Program Files\Ubisecure.

  9. Copy win32.config and  config.index file from the older version. Overwrite config.index.

    copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\win32.config" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config" copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\config.index" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config.index"

  10. If upgrading from version prior to 6.8, add the following lines to the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config, if not there yet. 

    tomcat.instancename = UbiloginServer tomcat.username = NT AUTHORITY\\LocalService adam.username = NT AUTHORITY\\NetworkService

  11. When upgrading from version 8.3.x or older, add the Accounting Service related settings if they do not exist in the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\win32.config. Modify the settings according to these guidelines.

    # Accounting configuration accounting.url = https://localhost:8442 accounting.proxy.local.url = @accounting.url@ accounting.instancename = UbisecureAccounting accounting.username = @tomcat.username@ accounting.datasource.url = jdbc:postgresql://localhost:5432/accountingdb accounting.datasource.username = accounting.datasource.password = accounting.secret-key-location-uri = file:///${user.dir}/config/accounting-service.secret accounting.actuator.username = accounting_admin accounting.actuator.password = accounting.jms.broker.port = 36161 accounting.jms.broker.socket-timeout-ms = 10

  12. When upgrading from version 8.4 or newer, depending of the location of your Accounting Service secret key you may need to copy the file from the older version. NOTE: The secret key must be the same during the entire reporting period which is a month, see Accounting Service security. Example (use the path you have set in the configuration):

    mkdir "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config" copy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\config\accounting-service.secret" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\config"

  13. Copy the following files and directories (recursively) from the previous installation to the matching ubilogin-sso directory. Note that Tomcat, Ubisecure SSO, and Accounting Service logs are retained.

    xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\custom" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom" /e /y xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\methods" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\methods" /e /y xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\logs" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\logs" /e /y xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\tomcat\logs" "C:\Program Files\Ubisecure\ubilogin-sso\tomcat\logs" /e /y xcopy "C:\Program Files\Ubisecure\ubilogin-sso-old\accounting\logs" "C:\Program Files\Ubisecure\ubilogin-sso\accounting\logs" /e /y copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\cdc\WEB-INF\config.properties" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\cdc\WEB-INF\config.properties" copy "C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\ROOT\robots.txt" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\ROOT\robots.txt"

  14. Check the Common Domain Cookie Discovery.

  15. Run the setup script

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" setup.cmd

  16. After the setup script, you may still need to check some files from the backup folder if you have customized them. Compare the files under C:\Program Files\Ubisecure\ubilogin-sso-old with the ones under C:\Program Files\Ubisecure\ubilogin-sso and copy the necessary changes from:

    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\uas\WEB-INF\uas.properties C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\totp\WEB-INF\application.yaml

  17. When upgrading from version 8.3.x or older, install and prepare PostgreSQL server. Since SSO version 8.4 with Accounting Service feature access to PostgreSQL database is required for the service to run. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for this purpose. The necessary tables are automatically created during the initial startup of the Accounting Service. See PostgreSQL preparation on Windows for more information and steps to accomplish.


  18. When upgrading from version 8.6 or older, upgrade PostgreSQL server (for supported versions, see System Recommendations) following PostgreSQL official upgrade documentation at https://www.postgresql.org/docs/12/upgrading.html.
    We have created Knowledge Base "How-to" article with information how we have tested the upgrade and also include estimated migration times. See Upgrade and migrate to new version of PostgreSQL


  19. Start the UbiloginDirectory service

    net start ubilogindirectory

  20. Upgrading Ubisecure Directory


    To update your ADAM or AD LDS installation, the schema and directory settings of the instance must be updated. Before starting, make sure that you are logged in with the same user account that was used to install ADAM or AD LDS.

    To update the schema and directory settings, execute the command adaminstall.cmd shown below.This command updates the LDAP schema and does not delete existing user or configuration data. 

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap" adam\adaminstall.cmd

    Add new entries and update LDAP secrets:

    adam\import-changes.cmd

  21. Check Password application.

    Skip this step if the Password application is not enabled.

    Copy the following files to the matching ubilogin-sso directory:

    C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\password.properties C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\saml2

    Edit server.xml file and uncomment:
    <Context path="/password" docBase="${catalina.base}/webapps/password"/>

    notepad C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml

    Also check web.xml for mail.smtp.host and mail.smtp.from configuration and copy those to new web.xml (C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\password\WEB-INF\web.xml)

    notepad C:\Program Files\Ubisecure\ubilogin-sso-old\ubilogin\webapps\password\WEB-INF\web.xml

  22. When upgrading from version 8.3.x or older, configure Accounting Service

    Before continuing with the installation which will start the Accounting Service you need to enter and save the secret key contents in the location referred by accounting.secret-key-location in win32.config. See Accounting Service security about the usage of the key for pseudonymisation. The page contains a suggested script to create a secure enough secret in the default location.

    You may also customise other Accounting Service configuration settings for your needs, which is recommended. See Accounting Service additional configuration about the properties to set.

  23. Update Tomcat and Accounting Service configuration and restart the services. Since version 8.4 remove should be done before installation directory is replaced. About Accounting Service start see also Windows single node installation.

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" config\tomcat\install.cmd

  24. When upgrading from version 8.8.x or older, import initial key.

    Server signing and decryption key management was updated for SSO 8.9 and the initial signing and decryption key generated during SSO setup must be imported manually in the new location in Ubilogin Directory.

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" ldap\adam\import.cmd ldap\initial-key.ldif

  25. The system upgrade is complete. See also Single node installation finalization. For the new Java installation you need to import SSO certificate to Java trust store.

  26. Either securely remove the backed up ubilogin-sso-old directory, or rename it and store it in a secure location.  All configuration files in the old installation directory (win32.config and unix.config) should either be removed from the system or otherwise protected from unauthorized users.

  27. Clear your web browser’s cache before accessing the user interface.

Ubisecure Privacy Policy & Cookie Statement