Change hostname of Ubisecure SSO

Step-by-step guide

Edit the win32.config (Windows) or unix.config (Linux) file in the …\ubilogin-sso\ubilogin directory. The following changes are mandatory. In the following example the original address was localhost:8443.

win32.config
    uas.url=https\://localhost\:8443  change to -> uas.url=https\://new_address.com\:9443
    ubilogin.url=@uas.url@
    logviewer.url=@ubilogin.url@
    search.url=@ubilogin.url@
    password.url=@uas.url@
    ldap.url=ldap\://localhost\:389
    suffix = cn=Ubilogin,@uas.url.host.dn@  change to -> suffix=cn\=Ubilogin,dc\=localhost (*)
    password.encoding=

(*) In this example, localhost is the original address that was used during the initial installation. This may be different in your environment.

  1. Open the server.xml file in the …\ubilogin-sso\ubilogin\custom\tomcat folder on Windows or the /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat directory on Linux.
  2. Change the old address and port in server.xml.

    server.xml
    <Server port="-1">
      <Service name="SSO">
        <Connector
          port="9443"
          scheme="https" secure="true"
          proxyName="new_address.com" proxyPort="9443"
          maxThreads="150" protocol="HTTP/1.1"
          useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
          SSLEnabled="true"
          sslProtocol="TLS" clientAuth="false"
          keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/keystore.pfx"
          keystorePass="changeit" keystoreType="PKCS12"
        />
        <Engine name="SSO" defaultHost="new_address.com">
          <Host name="new_address.com" appBase="404"
            unpackWARs="false" autoDeploy="false">


  3. Save the files, open a command prompt as Administrator, and run setup.cmd in that same directory (…\ubilogin-sso\ubilogin).
  4. Import the new Ubisecure SSO application secrets into LDAP.

    Import SSO application secrets on Windows
    cd /d "C:\ubisecure\ubilogin-sso\ubilogin"
    ldap\adam\import.cmd ldap\secrets.ldif
    Import SSO application secrets on Linux
    cd /usr/local/ubisecure/ubilogin-sso/ubilogin
    ./ldap/openldap/import.sh ldap/secrets.ldif
  5. Deploy the Ubisecure SSO applications to Tomcat (run from the ubilogin directory you changed into in the previous step).

    Deploy SSO applications to Tomcat on Windows
    config\tomcat\update.cmd

    Deploy SSO applications to Tomcat on Linux
    ./config/tomcat/update.sh


  6. Ubisecure SSO is now working with the new address and port. The Ubisecure SSO metadata has changed; make sure the updated metadata is imported into all integrated applications.
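A common mistake after this procedure is a URL in win32.config or a proxyName/defaultHost in server.xml that still carries the old address, which leaves the SSO metadata and the Tomcat host mismatched. The following check is an added example, not part of this page or of the Ubisecure product: it parses the Java-properties style config (backslash escapes and @key@ references, as on this page) and cross-checks it against server.xml. The sample config and the sample server.xml below are constructed to mirror the excerpts above; the real files live under …\ubilogin-sso\ubilogin and custom\tomcat.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of the win32.config lines after the change (not the real file).
SAMPLE_CONFIG = """\
uas.url=https\\://new_address.com\\:9443
ubilogin.url=@uas.url@
logviewer.url=@ubilogin.url@
search.url=@ubilogin.url@
password.url=@uas.url@
suffix=cn\\=Ubilogin,dc\\=localhost
"""
# Constructed minimal server.xml in the shape of the page's excerpt, closed so it parses.
SAMPLE_SERVER_XML = """\
<Server port="-1"><Service name="SSO">
  <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"
             proxyName="new_address.com" proxyPort="9443"/>
  <Engine name="SSO" defaultHost="new_address.com"><Host name="new_address.com" appBase="404"/></Engine>
</Service></Server>
"""

def parse_properties(text):
    """Parse key=value lines, strip Java-properties backslash escapes, expand @key@ references."""
    raw = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            raw[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    def expand(value, depth=0):
        if depth > 10:  # bounded so a cyclic reference cannot recurse forever
            return value
        return re.sub(r"@([\w.]+)@", lambda m: expand(raw[m[1]], depth + 1) if m[1] in raw else m[0], value)
    return {k: expand(v) for k, v in raw.items()}

def check_hostname(config_text, server_xml_text):
    """Return the mismatches between the config URLs and the Tomcat Connector/Engine/Host."""
    props = parse_properties(config_text)
    uas = urlsplit(props["uas.url"])
    host, port = uas.hostname, str(uas.port)
    problems = [f"{k} does not point at {host}" for k in ("ubilogin.url", "logviewer.url", "search.url", "password.url")
                if urlsplit(props[k]).hostname != host]
    root = ET.fromstring(server_xml_text)
    conn, engine = root.find("./Service/Connector"), root.find("./Service/Engine")
    if (conn.get("proxyName"), conn.get("proxyPort")) != (host, port):
        problems.append("Connector proxyName/proxyPort differ from uas.url")
    if engine.get("defaultHost") != host or engine.find("Host").get("name") != host:
        problems.append("Engine defaultHost/Host name differ from uas.url")
    return problems
```

Call `check_hostname()` with the contents of your own win32.config (or unix.config) and custom\tomcat\server.xml; an empty list means the two files agree on the new host and port.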


Note

The LDAP suffix can be found in the file C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\jndi.properties:

java.naming.security.principal = cn=Server,ou=System,cn=Ubilogin,dc=login,dc=localhost,dc=com

Copy it starting at "cn=Ubilogin" to win32.config:

suffix=cn=Ubilogin,dc=login,dc=localhost,dc=com


For SSO 8.4 and later

Update accounting.url as well.

For additional information, see the configuration instructions:
https://ubisecuredev.atlassian.net/wiki/display/IDS20181/Configuration+and+setup+application+to+create+configurations+-+SSO


If you are using a self-signed TLS certificate, generate a new self-signed certificate for the new host name as follows.

  1. Remove the old keystore (here by renaming it aside)

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat"
    ren keystore.pfx keystore-old.pfx
  2. Create new keystore

    cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
    config\tomcat\cert.cmd
    Creating login.newplan.com keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx
  3. Update Tomcat

    config\tomcat\update.cmd
    The UbiloginServer service is stopping.
    The UbiloginServer service was stopped successfully.
    1 File(s) copied
    1 file(s) copied.
    840 File(s) copied
    The UbiloginServer service is starting.
    The UbiloginServer service was started successfully.
    Ubilogin Server updated at https://login.newplan.com:8445/ubilogin/
  4. Delete old certificate from Java cacerts

    "%JRE_HOME%\bin\keytool" -delete -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert
  5. Add new certificate to Java cacerts

    "%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx" -alias tomcat -storepass changeit | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
    Certificate was added to keystore

If you have a CA-signed certificate, do the following after running setup (setup overwrites server.xml, so changes made before it are lost):

  1. Copy your pfx file to C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat
  2. Edit C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml

    keystoreFile="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/custom/tomcat/mycert.pfx"
    keystorePass="mypassword" keystoreType="PKCS12"

  3. Add certificate to cacerts

    - First find out the alias (te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 below)

    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -list -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -storepass <Enter password>

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8, Sep 2, 2021, PrivateKeyEntry,
    Certificate fingerprint (SHA1): EF:CB:21:BB:07:13:A7:BE:C6:0C:24:03:0A:18:C6:60:78:B8:5E:27

    - Then add to cacerts

    C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>"%JRE_HOME%\bin\keytool.exe" -exportcert -keystore "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\ubidemo.pfx" -alias te-2b10b1e8-5fde-4e95-976b-fcd293bc87a8 -storepass <Enter password> | "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%"\lib\security\cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
    Certificate was added to keystore
  4. Run the Tomcat update (config\tomcat\update.cmd)
  5. Change the login page links, if any

Note

All OIDC and SAML integrations need new metadata or configuration if the host name was changed.