Univention Bugzilla – Bug 56483
Add SSO hostname/fqdn to certificates generated for SAML provider hosts
Last modified: 2023-11-21 15:35:58 CET
Right now, when creating (new) certificates for the hosts using "univention-certificate" only DNS entries for the FQDN and hostname are included. It would be nice if the defined SSO hostname/FQDN would be included for hosts that are defined as SAML providers (re: ucr shell | grep _saml_idp_). Since the generated certificates are also used in Samba/Ldap/etc. this would allow for using the already defined SSO hostname for use as LDAP auth source using either pure LDAP or the Samba provided AD variant without failing the hostname check on the certificate. This could be achieved by a minor change to make-certificates.sh (PR to follow shortly)
PS to be found here: https://github.com/univention/univention-corporate-server/pull/49