Enable ldaps for CustomerID
Make sure you have a basic CustomerID installation with SSO and LDAPS enabled before applying these configurations. If not, first follow these instructions:
Enable SSL for LDAP
This example uses a self-signed certificate. It is always better to use a publicly trusted certificate here.
Become root
sudo su -
Stop CustomerID on all instances if it is running.
systemctl stop wildfly.service
Check cacerts before importing (confirm whether the LDAP certificate is already trusted, so you do not import it twice)
# List cacerts entries and filter for the OpenLDAP certificate
keytool -list \
-storepass changeit \
-cacerts \
| grep -i openldap
Result should be something like this:
openldap-trusted, Aug 29, 2023, trustedCertEntry,
Change linux.config so that it uses ldaps:// instead of ldap:// for the connection. Note that we assume LDAP is running on sso.example.com; change this as needed.
# Make a backup of existing linux.config
cp /usr/local/ubisecure/customerid/application/linux.config \
/usr/local/ubisecure/customerid/application/linux.config.$(date +%Y%m%d%H%M%S)
# Apply change
sed -i 's/ldap.url=.*/ldap.url=ldaps:\/\/sso.example.com:636/g' \
/usr/local/ubisecure/customerid/application/linux.config
Result should be something like this:
diff -iw linux.config.20230830103732 linux.config
36c36
< ldap.url=ldap\://sso.example.com\:389
---
> ldap.url=ldaps://sso.example.com:636
If any errors occur, you can always run setup.sh again to revert the changes below to the original defaults.
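The backup, sed rewrite and diff above can be wrapped so the change is checked before the service is restarted. The following script is an added example, not part of the Ubisecure documentation: it rewrites the ldap.url line of a linux.config-style properties file to ldaps:// with a timestamped backup, refuses to continue if the file has no ldap.url line, and then verifies that the resulting value really uses the ldaps:// scheme on port 636. The sample file it edits is constructed in a temporary location; the function names and the 636 port check are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the Ubisecure page): rewrite ldap.url to ldaps://
# with a backup and verify the result before running setup.sh.

# switch_ldap_url <config-file> <ldap-host> [<port>]
# Backs up <config-file> and rewrites its ldap.url line to ldaps://<host>:<port>
# (port defaults to 636).  Prints the new ldap.url value.  Returns 1 when the
# file has no ldap.url line, so a wrong path does not silently leave the
# config unchanged.
switch_ldap_url() {
    cfg=$1; host=$2; port=${3:-636}
    grep -q '^ldap\.url=' "$cfg" || { echo "no ldap.url line in $cfg" >&2; return 1; }
    cp "$cfg" "$cfg.$(date +%Y%m%d%H%M%S)"
    # Anchor on the start of the line so a key such as 'xldap.url' is left alone.
    sed -i "s#^ldap\.url=.*#ldap.url=ldaps://$host:$port#" "$cfg"
    sed -n 's/^ldap\.url=//p' "$cfg"
}

# ldap_url_is_ldaps <config-file>
# Succeeds only when ldap.url uses the ldaps:// scheme and port 636.
# A value such as ldaps://host:389 would pass a scheme-only check but
# points at the plaintext port; rejecting it here surfaces the mistake
# before the wildfly restart.
ldap_url_is_ldaps() {
    value=$(sed -n 's/^ldap\.url=//p' "$1")
    case $value in
        ldaps://*:636) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: mimics the relevant lines of linux.config, including the
# backslash escaping Java properties files use for ':' (as in the diff above).
make_sample_config() {
    f=$(mktemp)
    printf '%s\n' 'some.other.key=value' \
        'ldap.url=ldap\://sso.example.com\:389' \
        'ldap.user=cn=admin,dc=example,dc=com' > "$f"
    echo "$f"
}

# Walk through the change on the constructed sample and show the diff.
demo() {
    f=$(make_sample_config)
    ldap_url_is_ldaps "$f" && echo "already ldaps" || echo "before: still ldap://"
    switch_ldap_url "$f" sso.example.com
    ldap_url_is_ldaps "$f" && echo "after: ldaps:// on port 636 OK"
    diff "$f".* "$f" || true
}

demo
```

On a real host, point switch_ldap_url at /usr/local/ubisecure/customerid/application/linux.config instead of the constructed sample, and keep the ldap_url_is_ldaps check: it is the step that catches a typo in the host or port before setup.sh bakes the value into the deployment.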
Once done, run CustomerID setup.sh again.
cd /usr/local/ubisecure/customerid/application
export JAVA_HOME=/usr/lib/jvm/temurin-11-jdk # Make sure you have correct JDK
./setup.sh
Make sure the files are owned by the correct user
chown -R wildfly. /usr/local/ubisecure/customerid
Finally, start the services again
systemctl start wildfly.service