Page tree
Skip to end of metadata
Go to start of metadata


When following the instructions given in this manual, it is advisable to type the commands manually instead of copy/pasting them. This is because sometimes characters may be lost or modified in the copying process.

Check Java

Make sure you have Java installed according to Installation requirements - SSO.

Set up a system wide JRE_HOME environment variable

  • In Linux the method and best practice may vary based on your distribution, but one of following approaches should work:
    • define JRE_HOME in the /etc/environment file
    • create a new file called e.g. /etc/profile.d/ and define JRE_HOME in it.
  • Set the JRE_HOME environment variable so it refers to the Server JRE's jre directory (e.g. JRE_HOME= /usr/local/java/jdk1.8.0_181/jre ).
  • Note, that /etc/sudoers may enforce a secure environment. Make sure that the configuration exports JRE_HOME and JAVA_HOME in /etc/sudoers.

Unpack the Software

Unpack the tar archive to /usr/local/ubisecure.

mkdir -p /usr/local/ubisecure
tar -xzvf sso-x.x.x-unix.tar.gz –C /usr/local/ubisecure

Install dependencies

For 64 bit Redhat linux, the glibc and libgcc packages for i686 must be installed, update needs to be run for 64bit version of libgcc to prevent version mismatch problem. Linux standard base package is also needed.

yum install glibc.i686
yum update libgcc
yum install libgcc.i686
yum install lsb

Modify the Configuration Template

Copy the configuration template to /usr/local/ubisecure/ubilogin-sso/ubilogin:

cd /usr/local/ubisecure/ubilogin-sso/ubilogin
cp config/unix.config .

Open unix.config file in a text editor. Modify the public visible URL address of the Ubisecure deployment, which is set with key uas.url. The installation is only accessible from the local machine if the value is set as localhost. The resulting line for uas.url might look like the following:

uas.url =

Finally, create the configuration files with the script.


New LDAP passwords are generated every time the setup command is executed. For this reason, the  secrets.ldif   file must be imported to the LDAP directory after running the setup script. After this, the Tomcat update script must be run to have the applications use the new passwords. See Applications upgrade - SSO  for more details about the update process.

Set Up the System User

Run the following command to set up the system user ubilogin. The newly-created user will be used for running the Ubisecure SSO and Ubisecure Directory.


Install Ubisecure Directory

Install OpenLDAP using following command:


When the OpenLDAP install script prompts for LDAP Password, type secret and press return.

In RedHat 7 script fails.

As a workaround, start OpenLDAP from shell by executing:


After OpenLDAP has started, open a new shell and execute the following commands:

./ ../cnroot.ldif
 ./ ../uas.ldif
 ./ ../secrets.ldif
 ./ ../system-password.ldif
 ./ groups.ldif

After finishing the execution, kill the OpenLDAP instance from the other window.

When using LDAPS, cacert.pem, server certificate and server certificate key needs to be located at /usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/ and TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile needs to be uncommented from slapd.conf.

Install Ubisecure SSO Tomcat

Run the Tomcat install script to install and configure Tomcat to start automatically when Linux is started:


The install script does the following:

  1. Creates a self-signed SSL certificate for test purposes.
  2. Installs the applications in ubilogin/webapps for Tomcat.
  3. Creates the init scripts used to start and stop the Tomcat process.

Start Ubisecure SSO

Start the Ubisecure SSO process using the following commands.

/etc/init.d/ubilogin-directory start  
/etc/init.d/ubilogin-server start

Continue on page Single node installation finalization - SSO to verify that the installation was successful.

  • No labels