Add SSO Server Certificate to Java Trust Store

The SSO Management API, Password Reset application, TOTP API, and Accounting Service reporting endpoints connect to the TLS secured SSO endpoints, so the SSO server certificate need to added to the trust store of the Java Runtime Environment. SSO and Accounting Service restart is required.

How to add the SSO server certificate to the JRE trust store

Finalize and verify Accounting Service installation

1. Verify that Ubisecure SSO starts without errors. If you see the following kind of entry in the ubilogin/logs/sso_diag.YYYY-MM-DD.log  file you have probably not updated LDAP with the new accounting.ldif added to the SSO 8.4. version and you need to return to this step in the installation / upgrade process and execute at least the import-changes script.

   YYYY-MM-DD hh:mm:ss,SSS uas init ERROR Server startup UAS: control.ServiceUnavailableException: UAS: login.InitException: Invalid SSO Accounting Service installation.
   YYYY-MM-DD hh:mm:ss,SSS uas init INFO Ubilogin Authentication Server 9.1.0 stopped
   

2. If you see the following kind of entry in the ubilogin/logs/sso_diag.YYYY-MM-DD.log  file Accounting Service has not properly started, check Troubleshooting Accounting Service.

   YYYY-MM-DD hh:mm:ss,SSS uas init WARN Error in opening Accounting Service JMS connection in SSO startup. Accounting Service is a required component of SSO that needs to be functioning when running SSO. Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: javax.jms.JMSException: Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: java.net.SocketTimeoutException: connect timed out
   YYYY-MM-DD hh:mm:ss,SSS uas init INFO MessageQueueSender initialised with connection to Accounting Service broker URL: tcp://localhost:36161?connectionTimeout=10 
   
   

3. See Accounting Service finalization for the additional steps to accomplish.

Verify that Ubisecure SSO is installed or upgraded successfully:

1. Review the ubilogin/logs/sso_diag.YYYY-MM-DD.log  file.
   1. Confirm that no unexpected errors have occurred since the previous restart.

   2. Confirm that the following entry exists: X.X.X is the version number which should match with the installed version (e.g. 9.1.0):

      YYYY-MM-DD hh:mm:ss,SSS uas init INFO Ubilogin Authentication Server X.X.X started 
      YYYY-MM-DD hh:mm:ss,SSS uas tech INFO ping: the system is alive

2. Access the Ubisecure Management application using the base url defined in uas.url in win32.config or unix.config file.

   https://sso.example.com:8443/ubilogin/

   You will be prompted to log in.
   The default administrator username is system and the password is admin.
   
   

   If system.password in file win32.config/unix.config has no value, a random password is generated and written to win32.config/unix.config.

   If system.password in file win32.config/unix.config has a non-default value, this password is used after upgrade.

   Figure 1. Login process

3. The next step is to change the password. This will be prompted automatically.

   Figure 2. Password change process

4. A successful new installation will look like this after log-in:

   Figure 3. Ubisecure Management after log-in

   The version number of the release is printed at the bottom of the Ubisecure Management console view.

Continue installation by creating configurations as in Configuration and setup application to create configurations - SSO