Problem: AADSTS50107: The requested federation realm object 'https://ucs-sso.domain.de/simplesamlphp/saml2/idp/metadata.php' does not exist in multi AD Scenario

Problem:

AADSTS50107: The requested federation realm object 'https://ucs-sso.domain.de/simplesamlphp/saml2/idp/metadata.php' does not exist

This error message is already known from another article.

If you only connect a single AD domain, you may not run into this issue. If you connect two domains to one Azure tenant, check the following hints.

Investigation:

As described in the manual, you have to carry out the following steps to connect both domains to your Azure cloud.

  1. The following UCR variables have to be set on all servers that serve the UCS Identity Provider:

     ```
     saml/idp/entityID/supplement/staff.schein.me=true
     saml/idp/entityID/supplement/student.schein.me=true
     ```

     Afterwards the apache2 service has to be reloaded.

  2. You have to create two AD connections:

     ```
     root@master: /usr/share/univention-office365/scripts# ./manage_adconnections create staff.schein.me
     root@master: /usr/share/univention-office365/scripts# ./manage_adconnections create student.schein.me
     ```

This is how it should look when the connections are listed:

```
root@master:/usr/share/univention-office365/scripts# ./manage_adconnections list

Alias                Path                                            status
student.schein.me    /etc/univention-office365/student.schein.me     uninitialized
defaultADconnection  /etc/univention-office365/defaultADconnection   initialized
staff.schein.me      /etc/univention-office365/staff.schein.me       initialized
```

The wizard has to be executed for both domains.
If the status is uninitialized, the wizard has not been executed for this domain yet.

After that your domains should be federated and working fine. But now you may face the error message from above: the Office 365 tile on the portal is not adjusted automatically.

Solution:

You have to add a new tile in the portal with the appropriate link, and adjust the existing one.
You can get the URL from the saml.bat file which you executed in PowerShell.

https://ucs-sso.schein.me/simplesamlphp/staff.schein.me/saml2/idp/SSOService.php?spentityid=urn:federation:MicrosoftOnline
https://ucs-sso.schein.me/simplesamlphp/student.schein.me/saml2/idp/SSOService.php?spentityid=urn:federation:MicrosoftOnline
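As an added check (example script, not part of the Univention article or the office365 connector), the following POSIX shell snippet parses the output of `./manage_adconnections list` as shown above and reports the aliases whose wizard has not been run, then derives the per-domain SSOService URL for the portal tile by following the URL pattern quoted above. The list output is a constructed sample modelled on the listing in this article; the SSO hostname is passed in by the caller, and skipping `defaultADconnection` when generating tile URLs is an assumption, since the article only gives tile URLs for the two domain aliases.

```shell
#!/bin/sh
# Added example, not code from the article: check which AD connections still
# need the wizard and build the portal tile URLs for the initialized ones.
# Assumption: the list output has the three columns "Alias Path status"
# exactly as shown in the article.

# Constructed sample output, modelled on the "manage_adconnections list"
# listing in the article (not captured from a real system).
SAMPLE_LIST='Alias Path status
student.schein.me /etc/univention-office365/student.schein.me uninitialized
defaultADconnection /etc/univention-office365/defaultADconnection initialized
staff.schein.me /etc/univention-office365/staff.schein.me initialized'

# Print the aliases whose status is anything other than "initialized".
# The header line (NR == 1) is skipped.
uninitialized_aliases() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 != "initialized" { print $1 }'
}

# Build the IdP SSOService URL for one connection alias, following the
# pattern quoted in the article: the alias sits between /simplesamlphp/
# and /saml2/idp/SSOService.php, and the SP entity id is the fixed
# urn:federation:MicrosoftOnline value.
tile_url() {
    sso_host=$1
    conn=$2
    printf 'https://%s/simplesamlphp/%s/saml2/idp/SSOService.php?spentityid=urn:federation:MicrosoftOnline\n' \
        "$sso_host" "$conn"
}

# Print one tile URL per initialized connection. Skipping defaultADconnection
# is an assumption: the article lists tile URLs only for the domain aliases.
tile_urls_for_initialized() {
    printf '%s\n' "$2" |
    awk 'NR > 1 && $3 == "initialized" && $1 != "defaultADconnection" { print $1 }' |
    while read -r conn; do
        tile_url "$1" "$conn"
    done
}

# Usage: the hostname below is a constructed placeholder, not from the article.
echo "Connections still waiting for the wizard:"
uninitialized_aliases "$SAMPLE_LIST"
echo
echo "Portal tile URLs for initialized connections:"
tile_urls_for_initialized ucs-sso.example.test "$SAMPLE_LIST"
```

On a real server you would replace `SAMPLE_LIST` with the captured output of `./manage_adconnections list` (for example via `SAMPLE_LIST=$(./manage_adconnections list)`) and pass your own SSO hostname; any alias printed in the first section still needs the wizard before its tile URL will work.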
