/
Installation requirements - SSO

Installation requirements - SSO

2022-06-21

Java and JAVA_HOME

  1. Java must be preinstalled on the server (including Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).

    • Review the System Recommendations and Supported Platforms page to get information about which Java versions we currently support. Download one of the supported versions and follow their installation documentation.

    • If you want to use a newer Java version check with our support if we have already tested Ubisecure SSO with it.

  2. Set up a system wide JAVA_HOME environment variable

    • In Linux, this can be done by modifying the /etc/environment file

      • You may have to modify the /etc/sudoers file so that the environment variables are properly exported for the root user. Use the visudo command for this. Note that you will need to restart the root's shell so the settings will take effect.

        Edit /etc/sudoers and add the JAVA_HOME environment variable to env_keep

        Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" ... # Add line below to keep the JAVA_HOME environment variables as a root user Defaults env_keep += "JAVA_HOME"

Network requirements

For production installations you must have a load balancer or proxy in front of Ubisecure SSO with the following suggested configuration.

Component

Publicly facing URL (default port 443)

Paths

Internal root URL*

Example

Ubisecure SSO

https://login.example.com

/uas/*
/password-reset/*
/password/*
/cdc/*

http://localhost:8080

https://login.example.com/uas

=>

http://localhost:8080/uas

Ubisecure SSO Management

https://manage.example.com

/ubilogin/*
/logviewer/*
/search/*
/sso-api/*
/otpserver/*

http://localhost:8081

https://manage.example.com/ubilogin

=>

http://localhost:8080/ubilogin

Ubisecure Accounting Service browser endpoints

https://accounting.example.com

/accounting/*
/oauth2/*
/login/*
/api/*

 

NOTE: you may not desire to allow /actuator/* end points publicly

http://localhost:8084

https://accounting.example.com/accounting/report

=>

http://localhost:8084/accounting/report

 

* Either http or https scheme, host name, and the port number can be defined during installation.

System software requirements

Ubisecure requires SSL encrypted HTTP communications to operate securely. These pages provide instructions on setting up SSL with the provided Tomcat server (Ubilogin Server) using Certificate Authority-signed SSL server certificate. A self-signed certificate is automatically generated by the installation scripts for test purposes. A production environment requires a server certificate issued by a trusted third party (Certificate Authority, CA).

Since SSO version 8.4 with Accounting Service feature a PostgreSQL Server RDBMS installation is a required system component. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for Accounting Service storage needs. Guidelines are given here for linux and here for Windows.

Supported operating systems

Please refer to Identity Server System Recommendations and Supported Platforms