Document toolboxDocument toolbox

EF SSO Server Deployment Guide

Expertflow SSO Utility Deployment Guide

Overview

The project's primary purpose was to develop a backend module that gets SSO(Single Sign On) Token from Cisco IDS and passes that token to the agent for their XMPP subscription and calls all cisco finesse APIs.

Prerequisites

The following are the mandatory prerequisites for a smooth installation.

Hardware Requirements

These requirements suffice for deployment.

Item

Recommended

Notes

CPU

2 vCPU

Can be co-hosted

Memory

4 GB



Disk Space

30 GB

The minimum disk space requirement is 5 GB. The recommendation is to account for transactional storage and logs.

Software Requirements

Item

Recommended

Notes

Operating System

  • Windows(Windows 10) 

  • Linux (Cent OS 7)

supported on these operating systems

Docker Community Edition

20.10.17 or above

tested on this version

Docker Compose

1.29.2 or above

tested on this version

Git Client 

1.8.3.1 or above

tested on this version

Linux Utilities

  • wget

  • curl





Certificates for HTTPS

Certificates for HTTPS

  • Certificates from a valid signing authority or Domain signed certificate are required for HTTPS protocol support

Port Utilization Requirements

The default port used by the service is port <1125>whereas it can be changed when deploying the docker image. Following ports should remain open on the Firewall. The local security policy and any antivirus should also allow open communication on the following ports:

Type

Source Host

Source Port

Destination Host

Destination Port

HTTPS

<Server Application>



any/ (default 1125)

<IDS Server>

8553

HTTPS

<ASDF Server>

HTTPS

<Client Application>

<Server Application>

any/ (default 1125)

** Server Application = This is the backend application we will deploy for the SSO Utility. 

** Client Application = Agent browser on which Agent will access the AccessToken.

** IDS Server = Machine IP where Identity Service Management is deployed which is integrated with the finesse.

** ASDF Server = Active Directory Federation Services through all SSO agents are authenticated

Time Synchronization Requirements

The system can produce unpredictable results if the system date and time are not synchronized. Therefore, please make every effort to adhere to the following time synchronization guidelines:

The server machine and Agents machines should have their Time Zone and time configured properly according to the geographic region and synchronized. The application servers should be synchronized to the second. This synchronization should be maintained continuously and validated on a regular basis.

Software installation guide

Kindly follow the link mentioned below for the installation of each required software.

Deployment Steps

Run Utility as a Docker Container

  1. Pull the latest release of SSO Utility from gdrive and extract the zip folders.


  2. run the following command in Linux server
    mkdir –m777 SSO_utility

  3. this will create the SSO_utility directory. 

  4. use cd command to go into the SSO_utility directory
    cd SSO_utility

  5. upload the extracted files into this directory.

  6. Edit your environment variable file.

  7. now run deploy.sh file using the following command:
    bash deploy.sh

    and you can see after completion your docker image is running

  8. if you see any permission denied error kindly run the following command and after that run step 7 again

    Add Permission

    cd .. chmod -R 777 SSO_utility cd SSO_utility

Run Utility as a Windows Service

Pull the latest release of SSO Utility Service from gdrive and extract the zip folders into some directory and follow the step to run the service in windows as a service:

  1. navigate to the directory where you have extracted the utility.

  2. Edit your configuration file.

  3. open the windows PowerShell/ cmd as administrator, navigate to the directory where nssm.exe, scheduling-tasks-0.0.1-SNAPSHOT.jar and run.bat files are placed. 

  4. run the .\nssm.exe install SSO_Utility command.


  5. windows popup will appear, select the path of run.bat file.


  6. Click install service and close the PowerShell/ cmd


  7. open windows services settings, search for SSO_Utility, and open that service.

  8. check startup type is Automatic or not, if not select Automatic.


  9.  then press the start, and the extension module will be up in the background.

Edit Configurations

open the environment-variable.env file using vi or vim command as mentioned bellow:

vim environment-variable.env

Note: If you wanted to know about vim command, Here is the detail.

In case of running utility as a windows service

  1.  Right click the .jar file and open with WinRAR.

  2. navigate to \BOOT-INF\classes


  3. open application.properties file and edit properties according to the following table

 environment-variables.env Name

application.properties Name

Default Value

Description

 environment-variables.env Name

application.properties Name

Default Value

Description

ids1_url

IDS_URL

https://<CCX_Host>:8553/ids/v1/

change the IP of your IDS server machine

redirect_base_uri

REDIRECT_URI

https://<server_ip>:<server_port>/idscallback

change IP and port of your server application where sso utility is deployed.

client_id

CLIENT_ID

<IDS_Client_ID>

client_id you get from IDS while registering your application is on IDS.

serverports

server.port

<https_port>

https port on which your utility will work.

serverport

server.http.port

<http_port>

HTTP port on which your machine will work

allowedOrigins

allowedOrigins

*

CORS allow 

keystoretype

server.ssl.key-store-type

PKCS12

https certificate type.

keystorepassword

server.ssl.key-store-password

password

certificate password

keyAlias

server.ssl.keyAlias

springboot

name of the certificate file

keystorepath

server.ssl.key-store

  • Docker Deployment:
    file:/usr/src/sso_app/ssl/springboot.p12

  • Windows Service Deployment
     classpath:/certs/springboot.p12



ssl_enabled

server.ssl.enabled

true

to enable SSL port.

Note

** IF you want to change certificates, then use Deploy Creating Local Image, replace your certificate files in the cert folder, and update the environment-variable.env file.

Register Your Application on IDS

  1. Navigate to the Identity Service Management console by going to: https://<your_CCX_Host>:8553/idsadmin

  2. Login using the Cisco UCCX/UCCE application user credentials.

  3. Select the Clients icon on the left side of the navigation.

  4. Click on the New button on the upper right-hand side.

  5. Fill the form

    • Enter a unique name for the client (partner application).

    • Enter one or more redirect URLs to which the authorization code has to be delivered. https://<utility_server_Host>:<utility_port>/idscallback

    • Click the '+' button on the right of the input field.

    • Add multiple IPs if you have deployed multiple SSO utility instances.

  6. Click the Add button to add the client

  7. you can see the client_id in the second column of clients table

Verification Test

Call the following API to test if the utility is working and your configuration are updated.

Request

URL

Response Code

Response Body

Request

URL

Response Code

Response Body

GET

https://<ServerIP>:<ServerPort>/testbackend

200OK

system is working fine

On successful calling the API you can see the ids properties in docker container logs, to open docker service logs using the following commands 

  • Execute the following command an copy the docker image id

docker ps -a |grep ssoconnector
  • Execute the following command to open docker logs

docker logs -f 1fa793a0c9ea

you can see your ids properties