How to Configure your Browser to use your Windows Login to authenticate via SAML/Kerberos.
- Your Windows client has to be joined to the UCS Samba/AD domain
- Your Ubuntu Client has to be joined via univention-domain-join
Install the RootCA of your UCS domain into your OS certificate cache and/or your browser’s certificate cache.
To allow Kerberos authentication at the identity provider, the Univention Configuration Registry variable
saml/idp/authsource has to be changed from
univention-negotiate on your UCS master and each
ucs-sso configured server.
Your Kerberos ticket is a precious piece of information, like your password, so your browser won’t just send it everywhere. You need to configure a permission for any domain you want to use your login with.
about:config and search for
Change its value to
Chrome / IE / Edge
Go to the Windows System Control Panel and open Internet Options → Security → Local Intranet → Sites → Advanced and add
You should now be able to open the UMC without logging in again.