Configuration and setup application to create configurations - SSO
Configuration template
The Ubisecure SSO software package includes a configuration application that is used to generate configuration files and scripts for required software components. The Ubisecure SSO software package contains two configuration templates in the config directory:
- win32.config for Windows
- unix.config for Linux
The files located in the config directory should not be modified. You should copy the example file to the root directory of the installation, e.g., C:\Program Files\Ubisecure\ubilogin-sso\ubilogin, and modify it there using a text editor.
The following chapter provides more information about the settings in the configuration templates. The default settings in the templates can be used for a local installation, which should only be used for evaluation. If you are installing Ubisecure SSO in a production environment, please consider carefully the configuration settings, especially the uas.url and suffix settings. Note that changing uas.url while leaving suffix unchanged would require a complete reinstallation.
Please use forward slashes (‘/’) in all path values in the configuration template. Do not include a trailing slash (‘/’) character in the path values.
The Macro language
The Ubisecure SSO configuration files use a macro language that fills in configuration file values (from the SSO configuration file win32.config or unix.config) when SSO is installed.
Setup, generation of SSO configuration files
When is the Setup script needed?
The setup script needs to be run whenever there are changes to the applications managed by it. There are three cases where it is necessary to run the setup script:
- When Ubisecure SSO is first installed
- When the file unix.config or win32.config has been modified
- During the Ubisecure SSO upgrade process
When you are finished editing the win32.config or unix.config file, you can generate the setup using the following commands:
Running the setup script on Windows
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
setup.cmd
Running the setup script on Linux
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
sh setup.sh
This command generates the configuration files for the required software components. During the process the command also generates new random secrets and passwords for Ubisecure components.
NOTE: New LDAP passwords are generated every time the setup command is executed. For this reason, the secrets.ldif file must be imported to the LDAP directory after running the setup script. After this, the Tomcat update script must be run to have the applications use the new passwords. See Applications upgrade - SSO for more details about the update process.
Updating the LDAP passwords on Windows
Updating the application-specific LDAP passwords on Windows
ldap\adam\import.cmd ldap\secrets.ldif
Updating the LDAP passwords on Linux
Updating the application-specific LDAP passwords on Linux
./ldap/openldap/import.sh ldap/secrets.ldif
Security considerations
One of the generated random values is the Ubisecure Directory encryption key. This key is written to the win32.config or unix.config file in the root of your installation directory. The original file is copied to a backup file. The file with the encryption key is needed if regeneration of the configuration files is performed. Care should be taken to protect the configuration files from unauthorized users.
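One way to check that protection on a Linux installation, as an added example that is not part of the Ubisecure documentation or product: it audits unix.config, its backup copies and ldap/secrets.ldif for group or other access. The backup name pattern unix.config*, the owner-only (600) policy and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit files that hold Ubisecure SSO secrets on Linux.
# Assumptions (not from the product documentation): backup copies of
# unix.config match "unix.config*" in the installation root, and the
# account that runs setup.sh and the SSO services owns these files.

# Print every secret-bearing file under the installation root that grants
# any permission to group or others. Returns 1 if at least one is found.
audit_sso_secrets() {
    root=$1
    rc=0
    for f in "$root"/unix.config* "$root"/ldap/secrets.ldif; do
        [ -f "$f" ] || continue        # unmatched glob or missing file
        # ls prints a mode string such as "-rw-r-----";
        # characters 5-10 are the group and other permission bits.
        mode=$(ls -ldL -- "$f" | cut -c1-10)
        bits=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            printf 'too permissive: %s (%s)\n' "$f" "$mode"
            rc=1
        fi
    done
    return $rc
}

# Restrict the same files to owner read/write only.
harden_sso_secrets() {
    root=$1
    for f in "$root"/unix.config* "$root"/ldap/secrets.ldif; do
        [ -f "$f" ] && chmod 600 -- "$f"
    done
    return 0
}

# Example run against the Linux installation root used on this page:
#   audit_sso_secrets /usr/local/ubisecure/ubilogin-sso/ubilogin ||
#       harden_sso_secrets /usr/local/ubisecure/ubilogin-sso/ubilogin
```

Because setup.sh rewrites unix.config and regenerates secrets.ldif, the audit is worth repeating after every run of the setup script.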