--- a/management/univention-management-console/univention-management-console-web-server	
+++ a/management/univention-management-console/univention-management-console-web-server	
@@ -389,9 +389,10 @@ class QueueRequest(object):
 
 class User(object):
 
-	def __init__(self, sessionid, username, saml=None):
+	def __init__(self, sessionid, username, password, saml=None):
 		self.sessionid = sessionid
 		self.username = username
+		self.password = password
 		self.saml = saml
 
 	def get_client(self):
@@ -674,10 +675,10 @@ class Ressource(object):
 		if morsel:
 			return morsel.value
 
-	def set_session(self, sessionid, username, saml=None):
+	def set_session(self, sessionid, username, password=None, saml=None):
 		olduser = self.get_user()
 
-		user = User(sessionid, username, saml or olduser and olduser.saml)
+		user = User(sessionid, username, password, saml or olduser and olduser.saml)
 
 		self.sessions[sessionid] = user
 		self.set_cookies(('UMCSessionId', sessionid), ('UMCUsername', username))
@@ -690,12 +691,12 @@ class Ressource(object):
 			UMCP_Dispatcher.cleanup_session(sessionid)
 			self.set_cookies(('UMCSessionId', ''), expires=datetime.datetime.fromtimestamp(0))
 
-	def get_user(self):
+	def get_user(self, force=False):
 		value = self.get_session_id()
 		if not value or value not in self.sessions:
 			return
 		user = self.sessions[value]
-		if user.time_remaining <= 0:
+		if not force and user.time_remaining <= 0:
 			return
 		return user
 
@@ -776,6 +777,13 @@ class CPgeneric(Ressource):
 		self.set_accept_language(request)
 
 		response_queue = Queue.Queue()
+		user = self.get_user(True)
+		if user and user.password and not UMCP_Dispatcher.sessions.get(sessionid):
+			auth = Request('AUTH')
+			auth.body = {'username': user.username, 'password': user.password}
+			auth_response = Queue.Queue()
+			UMCP_Dispatcher._queue_send.put(QueueRequest(sessionid, request, auth_response, get_ip_address(), self.session_validity))
+			auth_response.get()
 		queue_request = QueueRequest(sessionid, request, response_queue, get_ip_address(), self.session_validity)
 		UMCP_Dispatcher._queue_send.put(queue_request)
 
@@ -1026,7 +1034,7 @@ class CPAuth(CPgeneric):
 		if response.mimetype == 'application/json':
 			username = response.body.get('username', username)
 			body = json.dumps(response.body)
-		self.set_session(sessionid, username)
+		self.set_session(sessionid, username, password=req.body.get('password'))
 		return body
 
 	def basic(self):
@@ -1147,7 +1155,7 @@ class SAML(Ressource):
 	def attribute_consuming_service(self, binding, message, relay_state):
 		response = self.acs(message, binding)
 		saml = SAMLUser(response, message)
-		self.set_session(self.create_sessionid(), saml.username, saml)
+		self.set_session(self.create_sessionid(), saml.username, saml=saml)
 		raise HTTPRedirect('/univention/auth/sso')
 
 	def attribute_consuming_service_iframe(self, binding, message, relay_state):
@@ -1163,7 +1171,7 @@ class SAML(Ressource):
 		}
 		sessionid = self.create_sessionid()
 		auth_response = cherrypy.request.app.root.auth._auth_request(req, sessionid)
-		self.set_session(sessionid, saml.username, saml)
+		self.set_session(sessionid, saml.username, saml=saml)
 		cherrypy.response.headers['Content-Type'] = 'text/html'
 		return '<html><body><textarea>%s</textarea></body></html>' % (auth_response,)