Hello,
I have a similar issue as:
But in detail it is a little bit different, which is why I am starting a new topic here.
I have one UCS-server (UCS 5.2.5) with a nextcloud instance on it. SAML-login to nextcloud and https://server.mydomain.intranet/univention/management/ works perfectly.
The problem I have is with the login to the portal-site https://server.mydomain.intranet/univention/portal/
Problems with the login to the portal-site started with UCS 5.2.4 after an update of keycloak a few weeks ago. I am not sure which version of keycloak it was. In the meantime I have updated to UCS 5.2.5 and keycloak 26.5.5-ucs1. But the problem did not vanish. I still was at the login-method ‘ucs’. I provided the correct credentials, but the login page was shown again after login instead of the portal-site.
Today I have changed login to the portal-site from ‘ucs’ to ‘saml’ according to
Univention Corporate Server - Manual for users and administrators
4.2.3.1. SAML for Single Sign-On
and
Univention Keycloak app manual 26.5.5
4.1. Use Keycloak for login to Univention Portal
Now there is a login loop and in /var/log/syslog you can see the following error:
2026-03-14T17:25:05.853596+01:00 server univention-portal-server[30880]: 30880 user 26-03-14 17:25:05 [ DEBUG]: searching user for cookies={'UMCLang': 'de-DE', 'UMCSessionId': '0d8cc7fd-0133-4044-ab38-ea49cd8dcf36', 'UMCUsername': 'Administrator'}
2026-03-14T17:25:05.889457+01:00 server univention-portal-server[30880]: 30880 user 26-03-14 17:25:05 [ ERROR]: request failed: HTTP 401: Unauthorized
2026-03-14T17:25:05.889766+01:00 server univention-portal-server[30880]: 30880 user 26-03-14 17:25:05 [ DEBUG]: no user found
2026-03-14T17:25:06.892152+01:00 server python3 /usr/sbin/univention-management-console-server: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-sso-ng.mydomain.intranet.xml"
2026-03-14T17:25:06.892907+01:00 server python3 /usr/sbin/univention-management-console-server: SAML assertion issuer is https://ucs-sso-ng.mydomain.intranet/realms/ucs
2026-03-14T17:25:06.894247+01:00 server python3 /usr/sbin/univention-management-console-server: SAML assertion audience https://server.mydomain.intranet/univention/saml/metadata
2026-03-14T17:25:06.894714+01:00 server python3 /usr/sbin/univention-management-console-server: SAML assertion condition NotBefore = 1773505504 (2026-03-14T16:25:04.290Z)
2026-03-14T17:25:06.895259+01:00 server python3 /usr/sbin/univention-management-console-server: SAML assertion condition NotOnOrAfter = 1773505804 (2026-03-14T16:30:04.290Z)
2026-03-14T17:25:06.895616+01:00 server python3 /usr/sbin/univention-management-console-server: SAML assertion AuthnStatement AuthnInstant = 1773505506
2026-03-14T17:25:06.895737+01:00 server python3 /usr/sbin/univention-management-console-server: SAML assertion AuthnStatement SessionNotOnOrAfter = 1773541506
2026-03-14T17:25:06.895862+01:00 server python3 /usr/sbin/univention-management-console-server: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1
I need some help on how to proceed.
Best regards
sgat