Bug 48042 - Switch to php-fpm for saml
Status: NEW
Product: UCS
Classification: Unclassified
Component: SAML
UCS 5.0
Other Linux
P5 normal
Assigned To: UCS maintainers
Reported: 2018-10-23 11:01 CEST by Jürn Brodersen
Modified: 2023-11-16 06:32 CET
What kind of report is it?: Security Issue
Description Jürn Brodersen univentionstaff 2018-10-23 11:01:38 CEST
We might want to switch to php-fpm for saml, instead of using apache to interpret the php code.

That way we could remove the use of suexec, which should make the apache configuration easier and more flexible.

See also bug 40000, bug 43830 and the help article:
https://help.univention.com/t/configure-saml-single-sign-on-as-single-server-solution/6681
Comment 2 Philipp Hahn univentionstaff 2023-11-16 06:32:02 CET
Another option might be `mod_php`, which embeds one PHP interpreter into Apache itself. This has several drawbacks:
- only one version of PHP can be used at a time
- PHP has multi-threading issues and only works with mpm_prefork

See <https://cwiki.apache.org/confluence/display/HTTPD/php>

PS: UCS 5.2 switches from SimpleSAMLphp to Keycloak, so this change request will become obsolete in some years.