Index: sso.xml
===================================================================
--- sso.xml (Revision 65519)
+++ sso.xml (Arbeitskopie)
@@ -16,7 +16,7 @@
UCS provides Single Sign-On functionality with a SAML 2.0 compatible identity provider based on simplesamlphp.
The identity provider is by default installed on the DC Master and all DC Backup servers.
- A DNS Record for all Systems providing Single Sign-On services is registered for failover, usually ucs-sso.domainname.
+ A DNS Record for all systems providing Single Sign-On services is registered for failover, usually ucs-sso.domainname.
Clients are required to be able to resolve the Single Sign-On DNS name.
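Review bot: The changed sentence still mixes casing: "Systems" is lowercased but "DNS Record" keeps its capital R on the same line. Suggest "A DNS record for all systems providing Single Sign-On services ..." so the sentence is consistent.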
@@ -26,7 +26,7 @@
New service providers can be registered by using the UDM module .
To create a new service provider entry in a joinscript, see the following example:
-eval $(ucr shell)
+eval "$(ucr shell)"
udm saml/serviceprovider create "$@" \
--ignore_exists \
--position "cn=saml-serviceprovider,cn=univention,$ldap_base" \
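Review bot: Nothing in this example checks that the eval actually set ldap_base before it is used in the --position argument. If `ucr shell` produces no output, the position becomes "cn=saml-serviceprovider,cn=univention," and the failure only surfaces inside udm. Suggest failing early in the example, for instance with --position "cn=saml-serviceprovider,cn=univention,${ldap_base:?}". The quoting of the command substitution itself looks right.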
@@ -49,7 +49,7 @@
The service provider usually requires at least a public certificate or XML metadata about the identity provider.
The certificate can e.g. be downloaded with the following call:
-eval $(ucr shell)
+eval "$(ucr shell)"
wget --ca-certificate /etc/univention/ssl/ucsCA/CAcert.pem \
https://"${ucs_server_sso_fqdn:-ucs-sso.$domainname}"/simplesamlphp/saml2/idp/certificate \
-O /etc/idp.cert
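Review bot: The wget call writes straight to /etc/idp.cert with -O and its exit status is never checked. wget truncates the -O target as soon as it opens it, so a failed download (unresolvable SSO name, TLS verification failure against CAcert.pem) leaves an empty certificate file for the service provider to pick up. Suggest downloading to a temporary file and moving it into place only on success, or at least appending "|| exit 1" in the documented example. The same hunk also relies on $domainname from the eval for the default host name, so an empty value yields "ucs-sso." as the host.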
@@ -70,9 +70,11 @@
To provide users with a convenient link to an identity provider initiated login, the following ucr command may be used
+fqdn="ucs-sso.domainname"
+myspi="MyServiceProviderIdentifier"
ucr set ucs/web/overview/entries/service/SP/description="External Service Login" \
ucs/web/overview/entries/service/SP/label="External Service SSO" \
-ucs/web/overview/entries/service/SP/link="https://ucs-sso.domainname/simplesamlphp/saml2/idp/SSOService.php?spentityid=MyServiceProviderIdentifier" \
+ucs/web/overview/entries/service/SP/link="https://$fqdn/simplesamlphp/saml2/idp/SSOService.php?spentityid=$myspi" \
ucs/web/overview/entries/service/SP/description/de="Externer Dienst Login" \
ucs/web/overview/entries/service/SP/label/de="Externer Dienst SSO" \
ucs/web/overview/entries/service/SP/priority=50
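Review bot: The new fqdn="ucs-sso.domainname" line hard-codes a placeholder, while the certificate example earlier in the same file derives the host from "${ucs_server_sso_fqdn:-ucs-sso.$domainname}". Suggest reusing that expression here (after eval "$(ucr shell)") so the two examples stay consistent and the link follows a changed SSO name. Separately, $myspi is placed into the spentityid query parameter unencoded. Service provider identifiers are often URLs, so the text should tell readers to percent-encode the value, and should state that both variables are placeholders to be replaced. The introducing sentence also still lacks a trailing colon before the command.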