Univention Bugzilla – Attachment 7298 Details for Bug 39516: Single Sign On Documentation for ISVs
[patch] saml.diff (text/plain), 2.53 KB, created by Stefan Gohmann on 2015-11-15 11:51 CET
>Index: sso.xml >=================================================================== >--- sso.xml (Revision 65519) >+++ sso.xml (Arbeitskopie) >@@ -16,7 +16,7 @@ > <para> > UCS provides <foreignphrase>Single Sign-On</foreignphrase> functionality with a SAML 2.0 compatible identity provider based on <package>simplesamlphp</package>. > The identity provider is by default installed on the DC Master and all DC Backup servers. >- A DNS Record for all Systems providing <foreignphrase>Single Sign-On</foreignphrase> services is registered for failover, usually <uri>ucs-sso.domainname</uri>. >+ A DNS Record for all systems providing <foreignphrase>Single Sign-On</foreignphrase> services is registered for failover, usually <uri>ucs-sso.domainname</uri>. > Clients are required to be able to resolve the <foreignphrase>Single Sign-On</foreignphrase> DNS name. > </para> > >@@ -26,7 +26,7 @@ > New service providers can be registered by using the <foreignphrase>UDM</foreignphrase> module <option>saml/serviceprovider</option>. > To create a new service provider entry in a <foreignphrase>joinscript</foreignphrase>, see the following example: > <screen> >-eval $(ucr shell) >+eval "$(ucr shell)" > udm saml/serviceprovider create "$@" \ > --ignore_exists \ > --position "cn=saml-serviceprovider,cn=univention,$ldap_base" \ >@@ -49,7 +49,7 @@ > The service provider usually requires at least a public certificate or XML metadata about the identity provider. > The certificate can e.g. be downloaded with the following call: > <screen> >-eval $(ucr shell) >+eval "$(ucr shell)" > wget --ca-certificate /etc/univention/ssl/ucsCA/CAcert.pem \ > https://"${ucs_server_sso_fqdn:-ucs-sso.$domainname}"/simplesamlphp/saml2/idp/certificate \ > -O /etc/idp.cert 
>@@ -70,9 +70,11 @@ > <para> > To provide users with a convenient link to an identity provider initiated login, the following ucr command may be used > <screen> >+fqdn="ucs-sso.domainname" >+myspi="MyServiceProviderIdentifier" > ucr set ucs/web/overview/entries/service/SP/description="External Service Login" \ > ucs/web/overview/entries/service/SP/label="External Service SSO" \ >-ucs/web/overview/entries/service/SP/link="https://ucs-sso.domainname/simplesamlphp/saml2/idp/SSOService.php?spentityid=MyServiceProviderIdentifier" \ >+ucs/web/overview/entries/service/SP/link="https://$fqdn/simplesamlphp/saml2/idp/SSOService.php?spentityid=$myspi" \ > ucs/web/overview/entries/service/SP/description/de="Externer Dienst Login" \ > ucs/web/overview/entries/service/SP/label/de="Externer Dienst SSO" \ > ucs/web/overview/entries/service/SP/priority=50
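
Review bot: In the @@ -49,7 +49,7 @@ hunk, the wget example writes directly to /etc/idp.cert with -O and nothing checks the exit status. wget creates the output file even when the request fails, so a failed download can leave an empty or partial file that the service provider is then configured to trust as the identity provider certificate. Suggest downloading to a temporary file and moving it into place only when wget succeeds, or at least showing an exit-status check in the example. The URL is also only partly quoted (https://"${ucs_server_sso_fqdn:-ucs-sso.$domainname}"/simplesamlphp/...); quoting the whole URL as one string would match the quoting fix this hunk makes to eval.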
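
Review bot: In the @@ -70,9 +70,11 @@ hunk, the new fqdn="ucs-sso.domainname" line hard-codes a placeholder host name, while the wget example in the @@ -49,7 +49,7 @@ hunk derives the same host from UCR as "${ucs_server_sso_fqdn:-ucs-sso.$domainname}". A reader who copies this block unchanged gets an overview link to a host that does not exist. Suggest starting the block with eval "$(ucr shell)" and setting fqdn="${ucs_server_sso_fqdn:-ucs-sso.$domainname}" so both examples resolve the identity provider the same way. Separately, $myspi is placed into the spentityid query parameter as-is; SAML entity IDs are commonly URLs, so the text should say the value has to be URL-encoded before it is put into the link.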