Disable unused SSO server components
Good security practice is to disable any unused server functionality. Some services are already disabled by default after installation.
This guide shows how to disable further server functionality. In this example, search and logviewer are disabled.
Step-by-step guide
To disable unused SSO server components
Check whether you are already using a customised Tomcat configuration: is there a file called server.xml in the directory ubilogin-sso\ubilogin\custom\tomcat? If not, copy the currently used version as a base:

Windows
    copy "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml" "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat"

Linux
    cp /usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/conf/server.xml /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat

Modify only the relevant lines of the server.xml file in C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat or /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat by commenting out the unused applications:

Before: Logviewer and Search are enabled
    <Context docBase="${catalina.base}/webapps/logviewer" path="/logviewer"/>
    <Context docBase="${catalina.base}/webapps/search" path="/search"/>

After: Logviewer and Search are disabled
    <!-- <Context docBase="${catalina.base}/webapps/logviewer" path="/logviewer"/> -->
    <!-- <Context docBase="${catalina.base}/webapps/search" path="/search"/> -->

After saving, apply the application server configuration changes by executing update.cmd (Windows) or update.sh (Linux) as follows.

Windows
    cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat"
    update.cmd
The server will be restarted automatically.

Linux
    cd /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat
    /etc/init.d/ubilogin-server stop
    ./update.sh
    /etc/init.d/ubilogin-server start
In a clustered environment, this change must be performed sequentially on each server node.
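One way to confirm the edit on each node before running the update script, as an added example that is not Ubisecure's own code: it parses server.xml and reports any /logviewer or /search context that is still active. The sample XML, the /example context and the script name check_contexts.py are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Context paths this guide disables; adjust to the components you do not use.
UNWANTED = ("/logviewer", "/search")

# Constructed sample (not a real Ubisecure file): logviewer is commented out,
# search was missed, and "/example" is a made-up context that stays enabled.
SAMPLE = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
<Host name="localhost">
  <Context docBase="${catalina.base}/webapps/example" path="/example"/>
  <!-- <Context docBase="${catalina.base}/webapps/logviewer"
                path="/logviewer"/> -->
  <Context docBase="${catalina.base}/webapps/search" path="/search/"/>
</Host></Engine></Service></Server>"""


def active_context_paths(xml_data):
    """Return the path of every <Context> element that is not commented out.

    ElementTree drops XML comments while parsing, so a commented-out
    <Context> never appears, even when the comment spans several lines.
    Accepts str or bytes; bytes lets the parser honour the XML declaration.
    """
    root = ET.fromstring(xml_data)
    # Normalise a trailing slash so "/search/" and "/search" compare equal.
    return [ctx.get("path", "").rstrip("/") or "/" for ctx in root.iter("Context")]


def still_enabled(xml_data, unwanted=UNWANTED):
    """Return the unwanted context paths that are still active."""
    active = set(active_context_paths(xml_data))
    return sorted(p for p in unwanted if p in active)


if __name__ == "__main__":
    # Usage: python check_contexts.py <path to custom/tomcat/server.xml>
    # With no argument the constructed SAMPLE above is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    leftover = still_enabled(data)
    for path in leftover:
        print(f"still enabled: {path}")
    sys.exit(1 if leftover else 0)
```

The non-zero exit code when a context is still enabled makes the script usable as a gate when the change is rolled out node by node in a cluster.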