Installation requirements - SSO

Owned by John Jellema
2023-05-05

Java and JAVA_HOME

  1. Java must be preinstalled on the server (including Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).
    • Review the System Recommendations and Supported Platforms page to get information about which Java versions we currently support. Download one of the supported versions and follow their installation documentation.
    • If you want to use a newer Java version check with our support if we have already tested Ubisecure SSO with it.

  2. Set up a system wide JAVA_HOME environment variable

    • In Linux, this can be done by modifying the /etc/environment file

      • You may have to modify the /etc/sudoers file so that the environment variables are properly exported for the root user. Use the visudo command for this. Note that you will need to restart the root's shell so the settings will take effect.

        Edit /etc/sudoers and add the JAVA_HOME environment variable to env_keep
        Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
...
# Add line below to keep the JAVA_HOME environment variables as a root user
Defaults    env_keep += "JAVA_HOME"

    • In Windows, environment variables can be set Control Panel → System and Security System Advanced system settings → Environment Variables → System Variables → New...


Network requirements

For production installations you must have a load balancer or proxy in front of Ubisecure SSO with the following suggested configuration.

ComponentPublicly facing URL (default port 443)PathsInternal root URL*Example
Ubisecure SSOhttps://login.example.com
/uas/*
/password-reset/*
/password/*
/cdc/*		http://localhost:8080

https://login.example.com/uas

=>

http://localhost:8080/uas

Ubisecure SSO Managementhttps://manage.example.com
/ubilogin/*
/logviewer/*
/search/*
/sso-api/*
/otpserver/*		http://localhost:8081

https://manage.example.com/ubilogin

=>

http://localhost:8080/ubilogin

Ubisecure Accounting Service browser endpointshttps://accounting.example.com

/accounting/*
/oauth2/*
/login/*
/api/*


NOTE: you may not desire to allow /actuator/* end points publicly

http://localhost:8084

https://accounting.example.com/accounting/report

=>

http://localhost:8084/accounting/report


* Either http or https scheme, host name, and the port number can be defined during installation.

System software requirements

Ubisecure requires SSL encrypted HTTP communications to operate securely. These pages provide instructions on setting up SSL with the provided Tomcat server (Ubilogin Server) using Certificate Authority-signed SSL server certificate. A self-signed certificate is automatically generated by the installation scripts for test purposes. A production environment requires a server certificate issued by a trusted third party (Certificate Authority, CA).

Since SSO version 8.4 with Accounting Service feature a PostgreSQL Server RDBMS installation is a required system component. If you have already installed Ubisecure CustomerID you can use the existing PostgreSQL installation but you need to create a specific database for Accounting Service storage needs. Guidelines are given here for linux and here for Windows.

Supported operating systems

Please refer to Identity Server System Recommendations and Supported Platforms

Ubisecure Privacy Policy & Cookie Statement