
(3.0.5) EF SSO Server Deployment Guide

Expertflow SSO Utility Deployment Guide

Overview

The project's primary purpose was to develop a backend module that gets the SSO (Single Sign-On) token from Cisco IDS, passes that token to the agent for their XMPP subscription, and calls all Cisco Finesse APIs.

Prerequisites

The following are the mandatory prerequisites for a smooth installation.

Hardware Requirements

These requirements suffice for deployment.

| Item | Recommended | Notes |
|---|---|---|
| CPU | 2 vCPU | Can be co-hosted |
| Memory | 4 GB | |
| Disk Space | 30 GB | The minimum disk space requirement is 5 GB. The recommendation is to account for transactional storage and logs. |

Software Requirements

| Item | Recommended | Notes |
|---|---|---|
| Operating System | Windows (Windows 10); Linux (CentOS 7) | Supported on these operating systems |
| Docker Community Edition | 20.10.17 or above | Tested on this version |
| Docker Compose | 1.29.2 or above | Tested on this version |
| Git Client | 1.8.3.1 or above | Tested on this version |
| Linux Utilities | wget, curl | |
| Certificates for HTTPS | Certificates from a valid signing authority or a domain-signed certificate are required for HTTPS protocol support | |

Port Utilization Requirements

The default port used by the service is <1125>; it can be changed when deploying the Docker image. The following ports should remain open on the firewall. The local security policy and any antivirus software should also allow communication on these ports:

Type

Source Host

Source Port

Destination Host

Destination Port

HTTPS

<Server Application>


any/ (default 1125)

<IDS Server>

8553

HTTPS

<ASDF Server>

HTTPS

<Client Application>

<Server Application>

any/ (default 1125)

** Server Application = The backend application we will deploy for the SSO Utility.

** Client Application = The agent browser on which the agent will access the AccessToken.

** IDS Server = IP of the machine where Identity Service Management is deployed and integrated with Finesse.

** ASDF Server = Active Directory Federation Services, through which all SSO agents are authenticated.

Time Synchronization Requirements

The system can produce unpredictable results if the system date and time are not synchronized. Therefore, please make every effort to adhere to the following time synchronization guidelines:

The server machine and the agent machines should have their time zone and time configured correctly for their geographic region and kept synchronized. The application servers should be synchronized to the second. This synchronization should be maintained continuously and validated on a regular basis.

Software installation guide

Kindly follow the link mentioned below for the installation of each required software.

Deployment Steps

Run Utility as a Docker Container

  1. Pull the latest release of the SSO Utility from gdrive and extract the zip folders.

  2. Run the following command on the Linux server:
    mkdir -m 777 SSO_utility
  3. This creates the SSO_utility directory.
  4. Use the cd command to go into the SSO_utility directory:
    cd SSO_utility
  5. Upload the extracted files into this directory.
  6. Edit your environment variable file.
  7. Run the deploy.sh file using the following command:
    bash deploy.sh

    After it completes, you can see that your Docker image is running.
  8. If you see a permission denied error, run the following commands and then run step 7 again:

    cd ..
    chmod -R 777 SSO_utility
    cd SSO_utility

Run Utility as a Windows Service

Pull the latest release of the SSO Utility Service from gdrive, extract the zip folders into a directory, and follow these steps to run the utility as a Windows service:

  1. Navigate to the directory where you extracted the utility.
  2. Edit your configuration file.
  3. Open Windows PowerShell or cmd as administrator and navigate to the directory where the nssm.exe, scheduling-tasks-0.0.1-SNAPSHOT.jar and run.bat files are placed.

  4. Run the .\nssm.exe install SSO_Utility command.

  5. A Windows popup will appear; select the path of the run.bat file.

  6. Click Install service and close PowerShell or cmd.

  7. Open the Windows Services settings, search for SSO_Utility, and open that service.

  8. Check whether the startup type is Automatic; if not, select Automatic.

  9. Press Start, and the extension module will be up in the background.

Edit Configurations

Open the environment-variable.env file using the vi or vim command as shown below:

vim environment-variable.env

Note: If you want to know more about the vim command, here is the detail.

When running the utility as a Windows service:

  1. Right-click the .jar file and open it with WinRAR.
  2. Navigate to \BOOT-INF\classes.

  3. Open the application.properties file and edit the properties according to the following table.
| environment-variables.env Name | application.properties Name | Default Value | Description |
|---|---|---|---|
| ids1_url | IDS_URL | https://<CCX_Host>:8553/ids/v1/ | Change the IP to that of your IDS server machine. |
| redirect_base_uri | REDIRECT_URI | https://<server_ip>:<server_port>/idscallback | Change the IP and port to those of the server application where the SSO utility is deployed. |
| client_id | CLIENT_ID | <IDS_Client_ID> | The client_id you get from IDS when registering your application on IDS. |
| serverports | server.port | <https_port> | HTTPS port on which your utility will work. |
| serverport | server.http.port | <http_port> | HTTP port on which your machine will work. |
| allowedOrigins | allowedOrigins | * | CORS allow. |
| keystoretype | server.ssl.key-store-type | PKCS12 | HTTPS certificate type. |
| keystorepassword | server.ssl.key-store-password | password | Certificate password. |
| keyAlias | server.ssl.keyAlias | springboot | Name of the certificate file. |
| keystorepath | server.ssl.key-store | Docker deployment: file:/usr/src/sso_app/ssl/springboot.p12; Windows service deployment: classpath:/certs/springboot.p12 | |
| ssl_enabled | server.ssl.enabled | true | Enables the SSL port. |

Note

** If you want to change certificates, use Deploy Creating Local Image, replace your certificate files in the cert folder, and update the environment-variable.env file.
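
A pre-deployment check for the settings in the configuration table above, as an added example that is not part of the Expertflow package: it flags documented defaults that should not reach production (wildcard allowedOrigins, the keystore password "password") and URLs that are not HTTPS. It assumes environment-variable.env holds KEY=value lines; the hosts and values in the sample file are constructed.

```shell
#!/bin/sh
# Added example: lint environment-variable.env before running deploy.sh.
# Assumption: the file holds KEY=value lines (Docker env-file syntax).
# Key names and documented defaults come from the configuration table.

# Print the value of the last "KEY=value" line for KEY (empty if absent).
get_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one WARN line per finding; print nothing for a clean file.
lint_sso_env() {
    f=$1
    case "$(get_value "$f" allowedOrigins)" in
        '*') echo "WARN allowedOrigins: wildcard CORS; list the agent-facing origins" ;;
    esac
    case "$(get_value "$f" keystorepassword)" in
        password|'') echo "WARN keystorepassword: documented default or empty" ;;
    esac
    case "$(get_value "$f" ssl_enabled)" in
        true) ;;
        *) echo "WARN ssl_enabled: HTTPS listener is not enabled" ;;
    esac
    for key in ids1_url redirect_base_uri; do
        case "$(get_value "$f" "$key")" in
            https://*) ;;
            *) echo "WARN $key: expected an https:// URL" ;;
        esac
    done
    case "$(get_value "$f" redirect_base_uri)" in
        */idscallback) ;;
        *) echo "WARN redirect_base_uri: expected to end in /idscallback" ;;
    esac
    return 0
}

# Constructed sample file; hosts and client_id are placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ids1_url=https://ids.example.test:8553/ids/v1/
redirect_base_uri=http://sso.example.test:1125/idscallback
client_id=CONSTRUCTED_CLIENT_ID
allowedOrigins=*
keystorepassword=password
ssl_enabled=true
EOF
lint_sso_env "$sample"
```

Run it against the real file by calling lint_sso_env with the path to environment-variable.env; an empty result means none of the checked settings still carries a risky value.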

Register Your Application on IDS

  1. Navigate to the Identity Service Management console by going to: https://<your_CCX_Host>:8553/idsadmin

  2. Login using the Cisco UCCX/UCCE application user credentials.

  3. Select the Clients icon on the left side of the navigation.

  4. Click on the New button on the upper right-hand side.

  5. Fill in the form:

    • Enter a unique name for the client (partner application).

    • Enter one or more redirect URLs to which the authorization code has to be delivered. https://<utility_server_Host>:<utility_port>/idscallback

    • Click the '+' button on the right of the input field.

    • Add multiple IPs if you have deployed multiple SSO utility instances.
  6. Click the Add button to add the client.

  7. You can see the client_id in the second column of the clients table.

Verification Test

Call the following API to test whether the utility is working and your configuration is updated.

| Request | URL | Response Code | Response Body |
|---|---|---|---|
| GET | https://<ServerIP>:<ServerPort>/testbackend | 200 OK | system is working fine |

After a successful call, the IDS properties appear in the Docker container logs. To open the container logs, use the following commands:

  • Execute the following command and copy the Docker container ID:
docker ps -a | grep ssoconnector

  • Execute the following command to open the Docker logs, using the ID you copied in place of 1fa793a0c9ea:
docker logs -f 1fa793a0c9ea

You can see your IDS properties in the output.