The local (anonymised) hostname of our system is: p-ucs-master.xxx.lcl
The public hostname is univention.xxx.nl
- The certificate used in UCS 4.0 is "p-ucs-master.xxx.lcl-idp-certificate.crt"
- During the upgrade, the certificate "ucs-sso.xxx.lcl-idp-certificate.crt" is created.
- After changing the FQDN using this instruction (sdb.univention.de/1352), another certificate is created: "univention.xxx.nl-idp-certificate.crt"
I solved the issue with the existing Service Provider by changing the UCR and rejoining:
ucr set saml/idp/certificate/privatekey="/etc/simplesamlphp/p-ucs-master.xxx.lcl-idp-certificate.crt"
ucr set saml/idp/certificate/certificate="/etc/simplesamlphp/p-ucs-master.xxx.lcl-idp-certificate.crt"
Unfortunately, SSO to the Univention Management Console does not work: "Could not fulfill the request. The SAML response contained a invalid signature: Failed to verify signature"
Do you have a suggestion to fix the issue with SSO to UMC?
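
Added example, not part of the original post and not Univention code: a SAML service provider verifies the response signature against the IdP certificate it holds from metadata, so this check compares the files behind saml/idp/certificate/certificate and saml/idp/certificate/privatekey with the certificate published in the metadata. The function names, the way the inputs are passed in as strings, and the sample data (constructed placeholder bytes, not real certificates) are assumptions.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def pem_blocks(text):
    """Return (label, DER bytes) for every PEM block found in text."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_RE.findall(text)]

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every certificate published in SAML metadata."""
    root = ET.fromstring(metadata_xml)
    return {fingerprint(base64.b64decode("".join(e.text.split())))
            for e in root.iter(DS_CERT)}

def check_idp_settings(cert_pem, key_pem, metadata_xml):
    """Return a list of findings; an empty list means the inputs are consistent."""
    findings = []
    certs = [der for label, der in pem_blocks(cert_pem) if label == "CERTIFICATE"]
    keys = [label for label, _ in pem_blocks(key_pem) if label.endswith("PRIVATE KEY")]
    if not certs:
        findings.append("certificate file holds no CERTIFICATE block")
    if not keys:
        findings.append("private key file holds no PRIVATE KEY block")
    if certs and fingerprint(certs[0]) not in metadata_fingerprints(metadata_xml):
        findings.append("configured certificate is not the one published in metadata")
    return findings

def pem(label, raw):
    """Wrap raw bytes in a PEM envelope (helper for the constructed samples)."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed placeholder bytes, not real X.509 or key material.
OLD_CERT = pem("CERTIFICATE", b"constructed-old-idp-cert")
NEW_CERT_B64 = base64.b64encode(b"constructed-new-idp-cert").decode()
METADATA = ('<EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            f"<ds:X509Certificate>{NEW_CERT_B64}</ds:X509Certificate></EntityDescriptor>")

if __name__ == "__main__":
    # Both settings read the same .crt content; the metadata carries another cert.
    for finding in check_idp_settings(OLD_CERT, OLD_CERT, METADATA):
        print("FINDING:", finding)
```

The fingerprint comparison only shows whether the configured certificate is the published one; confirming that a private key belongs to a certificate needs a tool that parses the key material.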