diff --git a/saml/univention-saml/listener/univention-saml-groups.py b/saml/univention-saml/listener/univention-saml-groups.py
index d6b48fdb5d..df7bb70db5 100644
--- a/saml/univention-saml/listener/univention-saml-groups.py
+++ b/saml/univention-saml/listener/univention-saml-groups.py
@@ -43,7 +43,7 @@ description = 'Write SAML enabled groups to json file, to be read by the service
 filter = '(objectClass=univentionSAMLEnabledGroup)'
 attributes = ['enabledServiceProviderIdentifierGroup']
 path = '/etc/simplesamlphp/serviceprovider_enabled_groups.json'
-tmp_path = '/tmp/serviceprovider_enabled_groups.json'
+tmp_path = '/etc/simplesamlphp/serviceprovider_enabled_groups.json.new'
 uid = pwd.getpwnam("samlcgi").pw_uid
 gid = grp.getgrnam("samlcgi").gr_gid
 
@@ -86,7 +86,7 @@ def handler(dn, new, old):
 
 		with open(tmp_path, 'w+') as outfile:
 			json.dump(data, outfile)
-			os.chmod(tmp_path, 0600)
+			os.chmod(tmp_path, 0o600)
 			os.chown(tmp_path, uid, gid)
 		shutil.move(tmp_path, path)
 	finally: