Single node installation finalization - SSO
Add SSO Server Certificate to Java Trust Store
The SSO Management API, Password Reset application, TOTP API, and Accounting Service reporting endpoints connect to the TLS secured SSO endpoints, so the SSO server certificate need to added to the trust store of the Java Runtime Environment. SSO and Accounting Service restart is required.
How to add the SSO server certificate to the JRE trust store
Finalize and verify Accounting Service installation
Verify that Ubisecure SSO starts without errors. If you see the following kind of entry in the
ubilogin/logs/sso_diag.YYYY-MM-DD.log
file you have probably not updated LDAP with the newaccounting.ldif
added to the SSO 8.4. version and you need to return to this step in the installation / upgrade process and execute at least theimport-changes
script.YYYY-MM-DD hh:mm:ss,SSS uas init ERROR Server startup UAS: control.ServiceUnavailableException: UAS: login.InitException: Invalid SSO Accounting Service installation. YYYY-MM-DD hh:mm:ss,SSS uas init INFO Ubilogin Authentication Server 9.1.0 stopped
If you see the following kind of entry in the
ubilogin/logs/sso_diag.YYYY-MM-DD.log
file Accounting Service has not properly started, check Troubleshooting Accounting Service.YYYY-MM-DD hh:mm:ss,SSS uas init WARN Error in opening Accounting Service JMS connection in SSO startup. Accounting Service is a required component of SSO that needs to be functioning when running SSO. Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: javax.jms.JMSException: Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: java.net.SocketTimeoutException: connect timed out YYYY-MM-DD hh:mm:ss,SSS uas init INFO MessageQueueSender initialised with connection to Accounting Service broker URL: tcp://localhost:36161?connectionTimeout=10
See Accounting Service finalization for the additional steps to accomplish.
Verify that Ubisecure SSO is installed or upgraded successfully:
- Review the
ubilogin/
logs/sso_diag.YYYY-MM-DD.log file.- Confirm that no unexpected errors have occurred since the previous restart.
Confirm that the following entry exists:
X.X.X
is the version number which should match with the installed version (e.g. 9.1.0):YYYY-MM-DD hh:mm:ss,SSS uas init INFO Ubilogin Authentication Server X.X.X started YYYY-MM-DD hh:mm:ss,SSS uas tech INFO ping: the system is alive
Access the Ubisecure Management application using the base url defined in uas.url in
win32.config
orunix.config
file.https://sso.example.com:8443/ubilogin/
You will be prompted to log in.
The default administrator username is system and the password is admin.If system.password in file
win32.config/unix.config
has no value, a random password is generated and written towin32.config/unix.config
.If system.password in file
win32.config/unix.config
has a non-default value, this password is used after upgrade.Figure 1. Login process The next step is to change the password. This will be prompted automatically.
Figure 2. Password change process A successful new installation will look like this after log-in:
Figure 3. Ubisecure Management after log-in
The version number of the release is printed at the bottom of the Ubisecure Management console view.
Continue installation by creating configurations as in Configuration and setup application to create configurations - SSO
This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.