Univention Bugzilla – Bug 39549
SAML as single server solution
Last modified: 2015-11-17 12:11:27 CET
By default ucs-sso creates a failsafe setup. This is helpful in a normal domain setup. If only one system is used, for example a public EC2 instance, two DNS names are required. It should be possible to force only one external DNS name.
I've added two new UCR variables:

umc/saml/sp-server
ucs/server/sso/virtualhost

I'm now able to configure the host as follows:

FQDN=ec2-52-19-56-218.eu-west-1.compute.amazonaws.com
ucr set ucs/server/sso/autoregistraton=no \
  saml/idp/entityID="https://${FQDN}/simplesamlphp/saml2/idp/metadata.php" \
  saml/idp/certificate/privatekey="/etc/simplesamlphp/${FQDN}-idp-certificate.key" \
  saml/idp/certificate/certificate="/etc/simplesamlphp/${FQDN}-idp-certificate.crt" \
  ucs/server/sso/fqdn=$FQDN \
  umc/saml/sp-server=$FQDN \
  ucs/server/sso/virtualhost=false \
  apache2/ssl/certificate=/etc/univention/ssl/${FQDN}/cert.pem \
  apache2/ssl/key=/etc/univention/ssl/${FQDN}/private.key
echo "ServerName $FQDN" >>/etc/apache2/ucs-sites.conf.d/servername
univention-certificate new -name $FQDN
/etc/init.d/apache2 restart
univention-run-join-scripts --force --run-scripts 91univention-saml.inst
ucr set umc/saml/idp-server=https://${FQDN}/simplesamlphp/saml2/idp/metadata.php
univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst
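The procedure in the comment above only works if every SSO-related UCR variable ends up pointing at the same external name: the IdP entityID, the SP server name, the IdP certificate paths and the Apache certificate paths. A leftover reference to the default ucs-sso name (for example in umc/saml/idp-server, which is set in a separate step) produces metadata and certificates that do not match the host the UMC actually talks to. The following script is an added example, not code from the bug report or from UCS: it reads variables in the "key: value" format that `ucr dump` prints and reports every variable that disagrees with ucs/server/sso/fqdn. It uses a constructed sample dump with the placeholder host sso.example.test instead of calling ucr, so it runs offline.

```shell
#!/bin/sh
# Added example (not part of the bug report): consistency check for a
# single-server SSO configuration. All input below is constructed.

# Print the host part of a URL of the form scheme://host[:port]/path.
url_host() {
    printf '%s\n' "$1" | sed -e 's|^[a-z]*://||' -e 's|[:/].*$||'
}

# ucr_get DUMPFILE VARIABLE: print the value of one variable from a
# "key: value" dump (empty output if the variable is absent).
ucr_get() {
    sed -n "s|^$2: ||p" "$1" | head -n 1
}

# check_sso_fqdn DUMPFILE: return 0 when every SSO-related variable refers
# to the FQDN in ucs/server/sso/fqdn, otherwise print each mismatch to
# stderr and return 1.
check_sso_fqdn() {
    dump="$1"
    fqdn=$(ucr_get "$dump" ucs/server/sso/fqdn)
    rc=0
    [ -n "$fqdn" ] || { echo "ucs/server/sso/fqdn is not set" >&2; return 1; }

    # URL-valued variables: compare the host component only.
    for var in saml/idp/entityID umc/saml/idp-server; do
        host=$(url_host "$(ucr_get "$dump" "$var")")
        if [ "$host" != "$fqdn" ]; then
            echo "$var: host '$host' does not match '$fqdn'" >&2
            rc=1
        fi
    done

    # Plain hostname variable: must be identical.
    sp=$(ucr_get "$dump" umc/saml/sp-server)
    if [ "$sp" != "$fqdn" ]; then
        echo "umc/saml/sp-server: '$sp' does not match '$fqdn'" >&2
        rc=1
    fi

    # Certificate and key paths: the FQDN must appear in the path.
    for var in saml/idp/certificate/privatekey saml/idp/certificate/certificate \
               apache2/ssl/certificate apache2/ssl/key; do
        val=$(ucr_get "$dump" "$var")
        case "$val" in
            *"$fqdn"*) ;;
            *) echo "$var: path '$val' does not contain '$fqdn'" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample dump: a fully consistent single-server setup.
GOOD_DUMP=$(mktemp)
BAD_DUMP=$(mktemp)
trap 'rm -f "$GOOD_DUMP" "$BAD_DUMP"' EXIT
cat >"$GOOD_DUMP" <<'EOF'
ucs/server/sso/fqdn: sso.example.test
saml/idp/entityID: https://sso.example.test/simplesamlphp/saml2/idp/metadata.php
umc/saml/idp-server: https://sso.example.test/simplesamlphp/saml2/idp/metadata.php
umc/saml/sp-server: sso.example.test
saml/idp/certificate/privatekey: /etc/simplesamlphp/sso.example.test-idp-certificate.key
saml/idp/certificate/certificate: /etc/simplesamlphp/sso.example.test-idp-certificate.crt
apache2/ssl/certificate: /etc/univention/ssl/sso.example.test/cert.pem
apache2/ssl/key: /etc/univention/ssl/sso.example.test/private.key
EOF

# Constructed failure case: umc/saml/idp-server still points at the default
# ucs-sso name, i.e. the final "ucr set" step of the procedure was skipped.
sed 's|^umc/saml/idp-server: .*|umc/saml/idp-server: https://ucs-sso.example.test/simplesamlphp/saml2/idp/metadata.php|' \
    "$GOOD_DUMP" >"$BAD_DUMP"

check_sso_fqdn "$GOOD_DUMP" && echo "good dump: all SSO variables agree on the FQDN"
check_sso_fqdn "$BAD_DUMP" || echo "bad dump: mismatch detected"
```

On a real system the same function can be fed with `ucr dump > /tmp/ucr.txt` and `check_sso_fqdn /tmp/ucr.txt`; a non-zero exit is a cheap pre-flight check before running the join scripts.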
We should add an SDB article for the configuration: Bug #39570. The scenario can be tested through this bug.
Works fine, though the following lines may be omitted, as the calls are also done in 91univention-saml.inst:

univention-certificate new -name $FQDN
/etc/init.d/apache2 restart
UCS 4.1 has been released:
https://docs.software-univention.de/release-notes-4.1-0-en.html
https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".