Change hostname of Ubisecure SSO
Step-by-step guide
In the win32.config / unix.config file in the …\ubilogin-sso\ubilogin directory, the following changes are mandatory. In this example the original address was localhost:8443.
win32.config
uas.url=https\://localhost\:8443 change to -> uas.url=https\://new_address.com\:9443
ubilogin.url=@uas.url@
logviewer.url=@ubilogin.url@
search.url=@ubilogin.url@
password.url=@uas.url@
ldap.url=ldap\://localhost\:389
suffix = cn=Ubilogin,@uas.url.host.dn@ change to -> suffix=cn\=Ubilogin,dc\=localhost (*
password.encoding=
(* In this example, localhost is the original address that was used during the initial installation. This could be different in your environment.
Open the server.xml file in the …\ubilogin-sso\ubilogin\custom\tomcat folder on Windows, or in the /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat directory on Linux.
Change the old address and port in server.xml.
server.xml
<Server port="-1">
  <Service name="SSO">
    <Connector port="9443" scheme="https" secure="true"
               proxyName="new_address.com" proxyPort="9443"
               maxThreads="150" protocol="HTTP/1.1"
               useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
               SSLEnabled="true" sslProtocol="TLS" clientAuth="false"
               keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/keystore.pfx"
               keystorePass="changeit" keystoreType="PKCS12" />
    <Engine name="SSO" defaultHost="new_address.com">
      <Host name="new_address.com" appBase="404" unpackWARs="false" autoDeploy="false">
Save the files, open the command prompt as Administrator, and run setup.cmd in that same directory (…\ubilogin-sso\ubilogin).
Import new Ubisecure SSO application secrets to LDAP
Import SSO application secrets on Windows
cd /d "C:\ubisecure\ubilogin-sso\ubilogin"
ldap\adam\import.cmd ldap\secrets.ldif
Import SSO application secrets on Linux
cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./ldap/openldap/import.sh ldap/secrets.ldif
Deploy Ubisecure SSO applications to Tomcat on Windows
Deploy SSO applications to Tomcat on Windows
..\ubilogin-sso\ubilogin\config\tomcat\update.cmd
Deploy SSO applications to Tomcat on Linux
./../ubilogin-sso/ubilogin/config/tomcat/update.sh
Ubisecure SSO is now working with the new address/port. The Ubisecure SSO metadata has changed. Make sure the new metadata is updated in all integrated applications.
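A host name change touches two files, and a stale value in either one leaves SSO advertising an address that Tomcat does not serve. The following Python check is an added example, not part of the original guide or of Ubisecure's tooling: it compares uas.url from win32.config / unix.config with proxyName, proxyPort, defaultHost and the Host name in server.xml. The function names and the sample inputs are constructed for illustration, and the check on ubilogin.url and password.url assumes they are meant to resolve to the same address as uas.url, as in the excerpt above.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input modelled on the excerpts above (not real deployment files).
SAMPLE_CONFIG = r"""
uas.url=https\://new_address.com\:9443
ubilogin.url=@uas.url@
password.url=@uas.url@
ldap.url=ldap\://localhost\:389
"""
SAMPLE_SERVER_XML = """<Server port="-1"><Service name="SSO">
<Connector port="9443" scheme="https" proxyName="new_address.com" proxyPort="9443"/>
<Engine name="SSO" defaultHost="new_address.com">
<Host name="new_address.com" appBase="404"/></Engine></Service></Server>"""

def parse_config(text):
    """Read key=value lines, undoing the backslash escapes before ':' and '='."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = re.sub(r"\\([:=])", r"\1", value.strip())
    return props

def resolve(props, key, depth=0):
    """Expand @other.key@ references such as ubilogin.url=@uas.url@."""
    def expand(match):
        name = match.group(1)
        # Unknown references (e.g. @uas.url.host.dn@) are left untouched.
        return resolve(props, name, depth + 1) if name in props and depth < 10 else match.group(0)
    return re.sub(r"@([\w.]+)@", expand, props.get(key, ""))

def check_hostname_change(config_text, server_xml_text):
    """Return mismatches between uas.url and the Tomcat settings; [] means consistent."""
    props = parse_config(config_text)
    url = urlsplit(resolve(props, "uas.url"))
    host, port = url.hostname or "", str(url.port or 443)
    root = ET.fromstring(server_xml_text)
    found = [(f"Connector {attr}", conn.get(attr), want) for conn in root.iter("Connector")
             for attr, want in (("proxyName", host), ("proxyPort", port))]
    found += [("Engine defaultHost", e.get("defaultHost"), host) for e in root.iter("Engine")]
    found += [("Host name", h.get("name"), host) for h in root.iter("Host")]
    found += [(key, urlsplit(resolve(props, key)).netloc, url.netloc)
              for key in ("ubilogin.url", "password.url") if key in props]
    return [f"{what}: found {got!r}, uas.url implies {want!r}"
            for what, got, want in found if (got or "").lower() != want.lower()]

if __name__ == "__main__":
    for line in check_hostname_change(SAMPLE_CONFIG, SAMPLE_SERVER_XML) or ["consistent"]:
        print(line)
```

The server.xml passed in must be the complete, well-formed file; the excerpt shown in this guide omits the closing tags.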
Note
The LDAP suffix can be found in file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\jndi.properties:
java.naming.security.principal = cn=Server,ou=System,cn=Ubilogin,dc=login,dc=localhost,dc=com
Copy it starting at "cn=Ubilogin" to win32.config:
suffix=cn=Ubilogin,dc=login,dc=localhost,dc=com
Update accounting.url
For additional information, see the configuration instructions:
https://ubisecuredev.atlassian.net/wiki/display/IDS20181/Configuration+and+setup+application+to+create+configurations+-+SSO
If you are using a self-signed TLS certificate, generate a new self-signed certificate for the new host name as follows.
Delete old keystore
Create new keystore
Update Tomcat
Delete old certificate from Java cacerts
Add new certificate to Java cacerts
If you have a CA-signed certificate, do the following after running setup (otherwise server.xml will be overwritten):
Copy your pfx file to C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat
Edit C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml
Add certificate to cacerts
Run Tomcat update
Change login page links if any
Note
All OIDC and SAML integrations need a new metadata / configuration if the host name was changed