Related tasks when upgrading SSO in Linux - CustomerID

Owned by ubisebastian
2022-10-24
2 min read

NOTE: CustomerID versions older than 6.1 are not compatible with SSO 9.1. So before proceeding with this step after SSO installation you need to download the respective CustomerID installation package from Identity Server 2022.2 release.

Ubisecure CustomerID package includes the CustomerID SSO Adapter extension to SSO (it was previously called Ubisecure CustomerID Authorizer). It needs to be installed so that role based policies can be utilized in CustomerID. It also includes functionality related to user driven federations.

This page describes the steps that need to be performed concerning CustomerID when SSO used by CustomerID is being upgraded. Normally, both SSO and CustomerID are upgraded at the same time.

When you upgrade SSO, you need to copy the CustomerID SSO Adapter configuration files from the old SSO installation to the new one. When you upgrade CustomerID, you need to update the adapter implementation.

The steps to follow in Linux:

  1. After upgrading SSO (as instructed in page  Upgrading SSO in Linux), prior to removing the temporary ubilogin-sso-old folder, go to the folder containing the old configuration files: 

    cd /usr/local/ubisecure/ubilogin-sso-old/ubilogin/webapps/uas/WEB-INF/

  2. Copy the existing configuration files to the new installation folder: 

    cp -a attribute-prefix.index /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/
cp -a eidm2-authorizer.properties /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/

    NOTE: If you are upgrading from an installation where the previous CustomerID SSO Adapter has been from a CustomerID version older than 5.0.x then you need to check the attribute-prefix.index configuration file contents. The value for the eimd property has changed from com.ubisecure.customerid.authorizer.EIDM2Authorizer to com.ubisecure.customerid.authorizer.CidAuthorizer.

  3. Define UBILOGIN_HOME environment variable for the SSO server so that it points to the SSO installation path: /usr/local/ubisecure/ubilogin-sso/ubilogin  

    export UBILOGIN_HOME=/usr/local/ubisecure/ubilogin-sso/ubilogin
  4. Transfer the cid-sso-adapter-package-x.x.x-linux.tar.gz file to the SSO server and extract it for example under the following folder: /usr/local/ubisecure

  5. Run the CustomerID SSO Adapter update script: 

    cd /usr/local/ubisecure/cid-sso-adapter
./update.sh

    The CustomerID SSO Adapter jar files will be integrated to the SSO installation.

  6. Remove older versions of duplicate jar files from SSO: /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/lib

    NOTE: If you are upgrading from an installation where the previous CustomerID SSO Adapter has been from a CustomerID version older than 5.0.x then you need to remove old CustomerID Authorizer files. The files that need to be removed are: commons-lang.jar, eidm2-authorizer.jar, eidmutil.jar, json-simple.jar and jsr305.jar. Remove the files from these folders: /usr/local/ubisecure/ubilogin-sso/tomcat/webapps/uas/WEB-INF/lib and /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/lib

    NOTE: If you are upgrading from an installation where the previous CustomerID SSO Adapter has been from a CustomerID version 5.0.x or newer then you may need to remove old versions of CustomerID SSO Adapter related jar files. The files that need to be checked are: cid-model-x.x.x.jar, cid-sso-adapter-x.x.x.jar, cid-util-x.x.x.jar, commons-lang3-x.x.jar, guava-x.x.jar and json-simple-x.x.x.jar. Remove the old versions of these files from these folders: /usr/local/ubisecure/ubilogin-sso/tomcat/webapps/uas/WEB-INF/lib and /usr/local/ubisecure/ubilogin-sso/ubilogin/webapps/uas/WEB-INF/lib. The removal should be done after running the update.sh script.

  7. Run update on SSO in order to finalize the installation of the CustomerID SSO Adapter. This can be done with the following command: 

    /usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/update.sh

  8. Ensure that the SSO diagnostic log (sso_diag.yyyy-mm-dd.log, which is by default located at /usr/local/ubisecure/ubilogin-sso/ubilogin/logs) contains the following rows (with the current time): 

    2022-10-06 07:25:25,711 uas init INFO CustomerID Authorizer started
2022-10-06 07:25:25,711 uas authz INFO eidm.authorizer: CidAuthorizer init started.
2022-10-06 07:25:26,083 uas init INFO CustomerID SQL: customeriddb PostgreSQL 12.8
2022-10-06 07:25:26,130 uas authz INFO eidm.authorizer: CidAuthorizer init done.
2022-10-06 07:25:26,130 uas init INFO eidm: com.ubisecure.customerid.authorizer.CidAuthorizer: started



This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2022. All Rights Reserved.