Bug 50257 - Run the SAML-IdP by default at the same hostname as the server
Status: NEW
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.4
Other Mac OS X 10.1
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2019-09-25 09:17 CEST by Michel Smidt
Modified: 2019-09-27 09:49 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.257


Description Michel Smidt 2019-09-25 09:17:09 CEST
Probably related to Bug #49985

So that customers can start quickly, it would be necessary for the SAML-IdP to run under the same hostname as the server by default. The shared subdomain (ucs-sso) is an obstacle in all known customer projects.
A typical scenario is the installation under an internal domain and the configuration of an external domain using the following article: https://help.univention.com/t/configure-saml-single-sign-on-as-single-server-solution/6681
However, this must be adapted. See Bug #49985

Sometimes the following error message appears:
curl: (51) SSL: no alternative certificate subject name matches target host name 'FQDN:XYZ'
Then please check whether the following URL is reachable in your browser without a certificate warning:
https://FQDN:XYZ/simplesamlphp/saml2/idp/metadata.php

If this is not the case, please check whether setting the following UCR variables helps:
ucr set apache2/ssl/key=/etc/univention/letsencrypt/domain.key apache2/ssl/certificate=/etc/univention/letsencrypt/signed_chain.crt
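
Added example, not part of the original report and not Univention or curl code: a simplified RFC 6125-style check of a hostname against a certificate's subjectAltName DNS entries, which is the comparison behind curl error 51. All hostnames and SAN lists are constructed sample data, and the function names are hypothetical.

```python
# Added example: simplified RFC 6125-style hostname check against a
# certificate's subjectAltName DNS entries. All hostnames below are constructed.

def dns_name_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers hostname.

    A '*' is honoured only as the complete leftmost label and never spans a
    dot, so '*.example.org' covers 'portal.example.org' but neither
    'example.org' nor 'a.b.example.org'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.org' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_idp_host(hostname, san_dns_names):
    """Report which SAN entries, if any, cover the IdP hostname."""
    matched = [s for s in san_dns_names if dns_name_matches(s, hostname)]
    return {"host": hostname, "ok": bool(matched), "matched": matched}


# Constructed sample data: SANs of a certificate issued for the internal
# domain, and of a publicly issued certificate for the external name.
INTERNAL_SANS = ["master.intranet.example", "ucs-sso.intranet.example"]
PUBLIC_SANS = ["portal.example.org"]

if __name__ == "__main__":
    for host in ("portal.example.org", "ucs-sso.intranet.example"):
        for label, sans in (("internal", INTERNAL_SANS), ("public", PUBLIC_SANS)):
            result = check_idp_host(host, sans)
            verdict = "match" if result["ok"] else "no SAN matches (curl error 51)"
            print(f"{host} with {label} cert: {verdict}")
```

The SAN entries of a deployed certificate are listed in the output of `openssl x509 -noout -text -in <certificate file>`.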