How to re-initialize the Office365 connection after you have renewed your UCS SSO/SAML certificates.
You might see an error message when trying to log in to O365:
Unable to verify token signature. The signing key identifier does not match any valid registered keys
The new certificates are located at
/etc/simplesamlphp/ and are called
ucs-sso.<DOMAIN-NAME>-idp-certificate.key which are copied from
Update internal structures following this article.
Re-execute related join script:
univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst
Start the generation of the PowerShell script for Windows.
Copy the generated script (usually at
/var/lib/univention-office365/saml_setup_defaultADconnection.bat) to a Windows machine and run it to re-register your keys.
Note: You will need the Azure AD admin credentials for this step!
Afterwards login should succeed again.
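A check worth running on the UCS system before the generated script is copied to Windows: confirm that the renewed private key and certificate belong together and that the certificate is not about to expire. This is an added example, not part of the original article or of UCS; the function names and the script name are hypothetical, and both file paths are passed as arguments because the article only names the .key file.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a renewed IdP certificate/key pair before re-registering it.

# Print the SHA-256 digest of the public key found in a certificate ($1=cert)
# or derived from a private key ($1=key); $2 is the PEM file to read.
pubkey_digest() {
    local pem
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # An unreadable file must never hash to the "empty input" digest.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only when certificate $1 and private key $2 carry the same public key.
pair_matches() {
    local c k
    c=$(pubkey_digest cert "$1") || return 2
    k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

# Succeed when certificate $1 stays valid for at least $2 more days (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of certificate $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Run all checks on certificate $1 and private key $2.
check_idp_pair() {
    if ! pair_matches "$1" "$2"; then
        echo "MISMATCH: $2 does not belong to $1" >&2
        return 1
    fi
    cert_valid_for_days "$1" 30 || echo "WARNING: $1 expires within 30 days" >&2
    echo "OK, certificate SHA-256 fingerprint: $(cert_fingerprint "$1")"
}

# Usage: ./check-idp-pair.sh <certificate.pem> <private-key.pem>
if [ "$#" -ge 2 ]; then check_idp_pair "$1" "$2"; fi
```

Reading the private key normally requires root, and only the public-key digest and the certificate fingerprint are printed, never key material.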
For further issues also consider this article