Currently after the SAML login succeeds one is redirected to /univention/auth/sso which makes a UMCP AUTH request with the SAML message to the UMC-Server. This is not necessary to be done immediately as the SAML message itself already says the login was successful. We need to do this nevertheless of course before sending any UMCP-call to the UMC-Server. The UMC-Webserver detects the state of the connection already and pre-pends the UMCP AUTH request. So we can simply remove the redirection to /univention/auth/sso and gain some performance and drop one unnecessary long request, which opens a whole UMC session. This is especially useful for Portal only users, which will never log in into UMC.
You can already do the QA with git:dcd73a5d4f5630327681bd5d36f9593387d9c2f1.
The SAML authentication is now (automatically) delayed to the first use of creating a connection to the UMC server. Therefore portal users don't need to authenticate at the UMC-Server. univention-management-console.yaml 0199de86341f | YAML Bug #52297 univention-management-console (11.0.5-22) da7c3cc48362 | fixup! Bug #52297: explicitly add all possible configuration variables to SAML config 16d09074fc3f | Bug #52297: explicitly add all possible configuration variables to SAML config 7ceeae243a59 | Bug #52297: Delay unnecessary UMC authentication after Single Sign on
YAML: OK Delay: OK, no action in UMC after SAML login Code: OK
<https://errata.software-univention.de/#/?erratum=4.4x822>