Running Keeper SSO Connect as a Service on Linux

Setting up a service on Linux

Once your server is setup and operational you should setup SSO Connect as a service. This operation will vary depending on your OS.

  1. If the application is still running because you configured it with the web interface, stop the running instance on the command line by entering CTRL-C.

  2. As the root user, create a system startup file /etc/systemd/system/ssoconnect.service with the following content (replace /path/to/keeper with your exact path and replace <user> with your username that will be running the process

[Unit]
Description=SSO Connect Java Daemon
[Service]
WorkingDirectory=/path/to/keeper (i.e. /home/keeperservice/sso_connect)
User=<user> (i.e. root)
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/java -jar /path/to/keeper/SSOConnect.jar
[Install]
WantedBy=multi-user.target

"chmod" the file:

sudo chmod 644 /etc/systemd/system/ssoconnect.service

Enable the service to auto-start.

sudo systemctl enable ssoconnect.service

Run systemctl to start the service.

$ systemctl start ssoconnect
$ systemctl status ssoconnect

Troubleshooting Linux

To test the service response or to monitor the health of the Keeper SSO Connect instances, you can query the "Ping URL" which in the above example is:

http://127.0.0.1:9000/ping

Note the local ping is being used here because we connected to the local instance via port forward. To check the service running from the outside (external users) you can use the public port:

$ curl "https://<public_ip_or_dns>:<port>/ping"

Example request/response:

curl "https://sso.acme-demo.com:8443/ping"
{"configuration":"Running","sync_revision":41838,"sync":"Thu Nov 21 07:36:51 UTC 2019","version":"o14.1.2.4","sso":"Running","status":"Ready"}

You can review log files which are located by default in /path/to/keeper/logs/ssoconnect.log. The logging is done through a standard log4j2.xml file located in the install directory. You may change the log4j2.xml file to place your log files anywhere you wish.

$ tail -f /path/to/keeper/logs/ssoconnect.log

The next section provides Identity Provider setup instructions for each major vendor.