Univention Bugzilla – Bug 39570
SAML as single server solution
Last modified: 2015-11-17 12:11:58 CET
A SDB article should be added for this scenario.

+++ This bug was initially created as a clone of Bug #39549 +++

By default ucs-sso creates a failsafe setup. This is helpful in a normal domain setup. If only one system is used, for example a public EC2 instance, two DNS names are required. It should be possible to force only one external DNS name.
> I'm now able to configure the host as follows:
>
> FQDN=ec2-52-19-56-218.eu-west-1.compute.amazonaws.com
> ucr set ucs/server/sso/autoregistraton=no \
>   saml/idp/entityID="https://${FQDN}/simplesamlphp/saml2/idp/metadata.php" \
>   saml/idp/certificate/privatekey="/etc/simplesamlphp/${FQDN}-idp-certificate.key" \
>   saml/idp/certificate/certificate="/etc/simplesamlphp/${FQDN}-idp-certificate.crt" \
>   ucs/server/sso/fqdn=$FQDN \
>   umc/saml/sp-server=$FQDN \
>   ucs/server/sso/virtualhost=false \
>   apache2/ssl/certificate=/etc/univention/ssl/${FQDN}/cert.pem \
>   apache2/ssl/key=/etc/univention/ssl/${FQDN}/private.key
>
> echo "ServerName $FQDN" >>/etc/apache2/ucs-sites.conf.d/servername
>
> univention-certificate new -name $FQDN
> /etc/init.d/apache2 restart
> univention-run-join-scripts --force --run-scripts 91univention-saml.inst
> ucr set umc/saml/idp-server=https://${FQDN}/simplesamlphp/saml2/idp/metadata.php
> univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst
When writing the sdb article, the following lines from the example can be omitted. Also, add a note that the host has to be able to resolve the FQDN for the certificate download, maybe suggest an ucr hosts/static/ entry

univention-certificate new -name $FQDN
/etc/init.d/apache2 restart
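A consistency check for the single-FQDN configuration quoted above, as an added example that is not part of the bug report or Univention's code. It assumes `ucr dump` prints `key: value` lines; the host name sso.example.test and the dump excerpt are constructed.

```shell
# Added example (not Univention code). Reads "key: value" lines on stdin,
# the format assumed here for `ucr dump`, and reports every variable from
# the quoted configuration that does not reference the one expected FQDN.

ucr_value() {   # $1 = key; dump text on stdin; prints the value, if any
    awk -v k="$1" 'index($0, k ": ") == 1 { print substr($0, length(k) + 3); exit }'
}

check_single_fqdn() (   # $1 = expected FQDN; exit status = mismatch count
    fqdn=$1 bad=0 dump=$(cat)
    idp="https://${fqdn}/simplesamlphp/saml2/idp/metadata.php"
    while read -r key want; do
        got=$(printf '%s\n' "$dump" | ucr_value "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: got '${got:-<unset>}', want '$want'"
            bad=$((bad + 1))
        fi
    done <<EOF
ucs/server/sso/fqdn ${fqdn}
umc/saml/sp-server ${fqdn}
ucs/server/sso/virtualhost false
saml/idp/entityID ${idp}
umc/saml/idp-server ${idp}
saml/idp/certificate/privatekey /etc/simplesamlphp/${fqdn}-idp-certificate.key
saml/idp/certificate/certificate /etc/simplesamlphp/${fqdn}-idp-certificate.crt
apache2/ssl/certificate /etc/univention/ssl/${fqdn}/cert.pem
apache2/ssl/key /etc/univention/ssl/${fqdn}/private.key
EOF
    exit "$bad"
)

sample_dump() {   # constructed excerpt: idp-server is stale, apache2/ssl/key is unset
    cat <<'EOF'
ucs/server/sso/fqdn: sso.example.test
umc/saml/sp-server: sso.example.test
ucs/server/sso/virtualhost: false
saml/idp/entityID: https://sso.example.test/simplesamlphp/saml2/idp/metadata.php
umc/saml/idp-server: https://ucs-sso.example.test/simplesamlphp/saml2/idp/metadata.php
saml/idp/certificate/privatekey: /etc/simplesamlphp/sso.example.test-idp-certificate.key
saml/idp/certificate/certificate: /etc/simplesamlphp/sso.example.test-idp-certificate.crt
apache2/ssl/certificate: /etc/univention/ssl/sso.example.test/cert.pem
EOF
}

# On a real host (assumption): ucr dump | check_single_fqdn "$FQDN"
sample_dump | check_single_fqdn sso.example.test || echo "$? variable(s) need fixing"
```

A variable that still names a second host means the IdP metadata, the service provider and the TLS certificate no longer agree on one name, which is what the single-server setup is meant to prevent.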
Created new article: Configure SAML Single Sign-On as single server solution
http://sdb.univention.de/admin/index.php?action=editentry&id=339&lang=en
OK, the article is now online: http://sdb.univention.de/1352
UCS 4.1 has been released:
https://docs.software-univention.de/release-notes-4.1-0-en.html
https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".