Bug 56483 - Add SSO hostname/fqdn to certificates generated for SAML provider hosts
Status: NEW
Product: UCS
Classification: Unclassified
Component: SSL
UCS 5.0
All All
P5 normal
Assigned To: UCS maintainers
https://github.com/univention/univent...
Reported: 2023-08-24 14:00 CEST by Stefan Rubner
Modified: 2023-11-21 15:35 CET
What kind of report is it?: Feature Request
Bug group (optional): External feedback
Description Stefan Rubner 2023-08-24 14:00:37 CEST
Right now, when creating (new) certificates for the hosts using "univention-certificate" only DNS entries for the FQDN and hostname are included. It would be nice if the defined SSO hostname/FQDN would be included for hosts that are defined as SAML providers (re: ucr shell | grep _saml_idp_). Since the generated certificates are also used in Samba/LDAP/etc., this would allow for using the already defined SSO hostname for use as LDAP auth source using either pure LDAP or the Samba-provided AD variant without failing the hostname check on the certificate.
This could be achieved by a minor change to make-certificates.sh (PR to follow shortly).
Comment 1 Stefan Rubner 2023-08-24 14:06:01 CEST
PS to be found here: https://github.com/univention/univention-corporate-server/pull/49
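
The hostname check mentioned in the description can be reproduced with plain openssl. This is an added example, not code from the bug report, the pull request or make-certificates.sh. The host names, the helper names (make_cert, host_matches, report) and the self-signed throwaway certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example names; on a real host these come from the system configuration.
HOST_FQDN="dc1.example.test"
HOST_SHORT="dc1"
SSO_FQDN="ucs-sso.example.test"
WORKDIR=$(mktemp -d)

# make_cert <name> <SAN list>: self-signed throwaway certificate with the given SANs.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$HOST_FQDN" -addext "subjectAltName=$2" \
        -keyout "$WORKDIR/$1.key" -out "$WORKDIR/$1.pem" 2>/dev/null
}

# host_matches <name> <hostname>: succeeds only if the certificate covers <hostname>.
host_matches() {
    openssl x509 -in "$WORKDIR/$1.pem" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# report <name>: result of the hostname check for each name a client might connect to.
report() {
    for h in "$HOST_FQDN" "$HOST_SHORT" "$SSO_FQDN"; do
        if host_matches "$1" "$h"; then
            echo "$1: $h ok"
        else
            echo "$1: $h MISMATCH"
        fi
    done
}

# "current": only FQDN and short host name, as the description says is generated today.
make_cert current  "DNS:$HOST_FQDN,DNS:$HOST_SHORT"
# "proposed": the same SANs plus the SSO FQDN, as the feature request asks for.
make_cert proposed "DNS:$HOST_FQDN,DNS:$HOST_SHORT,DNS:$SSO_FQDN"
report current
report proposed
```

An LDAP or AD client that connects via the SSO name and verifies the certificate would reject the "current" certificate and accept the "proposed" one.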