SSO configuration to use Redis
Prerequisites
Complete all the steps that precede this one in either Windows scalability and high availability setup or Linux scalability and high availability setup.
To configure SSO to use Redis-backed session storage, you need to modify data in the SSO configuration database (Ubilogin directory):
- Create a new ubiloginService entry in cn=Services,ou=System with the following attributes:
  - ubiloginClassname → com.ubisecure.ubilogin.session.manager.redis.SessionManagerFactoryRedis
  - ubiloginConfString → url <URL of the Redis service, in form redis://[address]:[port]>
    - Use the address and port of only one Redis master node. SSO will discover the addresses of the other master nodes through the Redis protocol.
  - ubiloginConfString → password <password for the Redis service>
- Link the created ubiloginService to the cn=ServerSession,ou=System entry using the ubiloginServiceDN attribute.
For example:
dn: cn=SessionManagerFactoryRedis,cn=Services,ou=System,@suffix@
changetype: add
objectClass: ubiloginService
cn: SessionManagerFactoryRedis
ubiloginClassName: com.ubisecure.ubilogin.session.manager.redis.SessionManagerFactoryRedis
ubiloginConfString: url redis://redisnode1.example.com:6379
ubiloginConfString: password SecretPassword1

dn: cn=ServerSession,ou=System,@suffix@
changetype: modify
replace: ubiloginServiceDN
ubiloginServiceDN: cn=SessionManagerFactoryRedis,cn=Services,ou=System,@suffix@
-
Note that @suffix@ must be expanded to the value of the attribute suffix in win32.config.
The change can be made using, for example, Apache Directory Studio, or you can create an LDIF file containing the changes and load it using the import script:
./ldap/openldap/import.sh ldap/[name of file containing the changes].ldif
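
An added example (not Ubisecure's own tooling) that generates the LDIF shown above with @suffix@ expanded, base64-encodes any value that is not a plain LDIF string under RFC 2849, and writes the file with owner-only permissions because it holds the Redis password. It assumes import.sh accepts standard LDIF; the function names and the script's command-line interface are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: renders the LDIF from this page with @suffix@ expanded.
# Function names and the command-line interface are hypothetical.

# Print "attr: value"; use "attr:: <base64>" when the value is not an LDIF
# SAFE-STRING (RFC 2849): non-ASCII or control bytes, a leading ' ', ':' or
# '<', or a trailing space.
ldif_attr() {
    local attr="$1" value="$2" unsafe
    unsafe=$(printf '%s' "$value" | LC_ALL=C tr -d ' -~' | wc -c)
    case $value in ' '*|:*|'<'*|*' ') unsafe=1 ;; esac
    if [ "$unsafe" -gt 0 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$value" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$value"
    fi
}

# Args: suffix (value of "suffix" in win32.config), Redis URL, Redis password.
render_redis_ldif() {
    local suffix="$1" url="$2" password="$3"
    local svc="cn=SessionManagerFactoryRedis,cn=Services,ou=System,$suffix"
    ldif_attr dn "$svc"
    printf '%s\n' 'changetype: add' 'objectClass: ubiloginService' \
        'cn: SessionManagerFactoryRedis'
    ldif_attr ubiloginClassName \
        com.ubisecure.ubilogin.session.manager.redis.SessionManagerFactoryRedis
    ldif_attr ubiloginConfString "url $url"
    ldif_attr ubiloginConfString "password $password"
    printf '\n'    # a blank line separates the two LDIF change records
    ldif_attr dn "cn=ServerSession,ou=System,$suffix"
    printf '%s\n' 'changetype: modify' 'replace: ubiloginServiceDN'
    ldif_attr ubiloginServiceDN "$svc"
    printf '%s\n' '-'
}

# Write the LDIF readable by its owner only: base64 is an encoding, not
# protection, so the file always exposes the Redis password.
write_redis_ldif() {
    local out="$1"; shift
    ( umask 077; rm -f -- "$out"; render_redis_ldif "$@" > "$out" )
}

# Usage: printf '%s\n' "$pw" | ./script OUT.ldif SUFFIX REDIS_URL
# The password is read from stdin so it stays out of the process list.
if [ "$#" -eq 3 ]; then
    IFS= read -r pw
    write_redis_ldif "$1" "$2" "$3" "$pw"
fi
```

Delete the generated file once import.sh has loaded it, since the password remains readable in it.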