The package univention-saml contains the file /usr/share/simplesamlphp/modules/univentiontheme/themes/univention/default/includes/header.php which unconditionally sets the "X-Frame-Options" header to "SAMEORIGIN". This is a problem when trying to use the UCS 5 portal preview (on UCS 4.4).

For example, if the portal is available at https://portal.my.site and the SSO login URL is https://ucs-sso.my.site, the browser will refuse to display content from https://ucs-sso.my.site in the frame loaded from https://portal.my.site, making login impossible.

Commenting out the line setting said header restores functionality.

There are several UCR variables that need to be set for the UCS5 portal preview to work correctly as far as I know. They're all set. Making this header depend on one of those variables might be a solution, as might be introducing a new UCR variable solely for this purpose.