Univention Bugzilla – Bug 56561
wrong redirect for UMC session timeout when using external keycloak
Last modified: 2023-12-20 21:35:50 CET
UCS: 5.0-4 errata788 with external Keycloak as idp server: Steps to reproduce: - The admin is logged into UMC and waits until the session timeout. - He is informed about the timeout: """Ihre Sitzung ist abgelaufen, bitte melden sie sich erneut an.""" - Next click on "Login" will redirect the user to the univention/login (not saml) page! Expected would be a redirect to the login from the configured idp.
Please give information what errors are displayed in the Javascript console? And which requests are done during the session timeout - with which response status codes.
Workaround (for Keycloak): univention-keycloak saml/sp update --metadata-file /usr/share/univention-management-console/saml/sp/metadata.xml "$entity_id" '{"attributes": {"saml.assertion.lifespan": 28800}}' Workaround (for SimpleSAMLphp): ucr set umc/saml/assertion-lifetime=28800 /usr/share/univention-management-console/saml/update_metadata