Univention Bugzilla – Bug 50257
Run the SAML-IdP by default at the same hostname as the server
Last modified: 2019-09-27 09:49:12 CEST
Probably related to Bug #49985

So that customers can start quickly, it would be necessary for the SAML-IdP to run under the same hostname as the server by default. The shared subdomain (ucs-sso) is an obstacle in all known customer projects.

A typical scenario is the installation under an internal domain and the configuration of an external domain using the following article:
https://help.univention.com/t/configure-saml-single-sign-on-as-single-server-solution/6681

However, this must be adapted. See Bug #49985

Sometimes the following error message appears:

    curl: (51) SSL: no alternative certificate subject name matches target host name 'FQDN:XYZ'

Then please check whether the following URL is reachable in your browser without a certificate warning:
https://FQDN:XYZ/simplesamlphp/saml2/idp/metadata.php

If this is not the case, please check whether setting the following UCR variables helps:

    ucr set apache2/ssl/key=/etc/univention/letsencrypt/domain.key apache2/ssl/certificate=/etc/univention/letsencrypt/signed_chain.crt
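
A key/certificate pair can be checked before the two UCR variables above are pointed at it: the certificate must cover every hostname clients use for the IdP (the condition curl error 51 reports as failed), and the key must belong to the certificate. This is an added example, not part of the original report or of Univention's code; the function names are hypothetical and it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a key/certificate pair before
# apache2/ssl/key and apache2/ssl/certificate are set to it.

# Succeeds only if the certificate is valid for the given hostname.
# For a chain file, openssl reads the first certificate (the leaf).
cert_covers_host() {
    local cert="$1" host="$2"
    # -checkhost prints "... does match certificate" or "... does NOT match certificate"
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    local key="$1" cert="$2" from_cert from_key
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# preflight KEY CERT HOST...
# Prints one line per check; the return status is the number of failed checks.
preflight() {
    local key="$1" cert="$2" failed=0 host
    shift 2
    if key_matches_cert "$key" "$cert"; then
        echo "OK   key matches certificate"
    else
        echo "FAIL key does not match certificate"; failed=$((failed + 1))
    fi
    for host in "$@"; do
        if cert_covers_host "$cert" "$host"; then
            echo "OK   certificate covers $host"
        else
            echo "FAIL certificate does not cover $host"; failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run as: script KEY CERT HOST...   (list every name the IdP is reached under)
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

Called with the two letsencrypt paths from the `ucr set` line and the hostnames in question, any FAIL line means the browser check above will still show a certificate warning for that name.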