Univention Bugzilla – Bug 48042
Switch to php-fpm for saml
Last modified: 2023-11-16 06:32:02 CET
We might want to switch to php-fpm for saml, instead of using apache to interpret the php code. That way we could remove the use of suexec, which should make the apache configuration easier and more flexible. See also bug 40000, bug 43830 and the help article: https://help.univention.com/t/configure-saml-single-sign-on-as-single-server-solution/6681
PoC: https://git.knut.univention.de/univention/ucs/-/merge_requests/new?merge_request%5Bsource_branch%5D=phahn%2F48042-saml-fpm
Another option might be `mod_php`, which embeds one PHP interpreter into Apache itself. This has several drawbacks: - only one version of PHP can be used at a time - PHP has multi-threading issues and only works with mpm_prefork See <https://cwiki.apache.org/confluence/display/HTTPD/php> PS: UCS 5.2 switches from SimpleSAMLPHP to Keycloak, so this change request will become obsolete in some years.