Problem: After an letsencrypt update the sso login was not possible

saml
letsencrypt

#1

Problem:

After an letsencrypt update the sso login was not possible anymore. Metadata could not be downloaded via https but via http.

Investigation:

curl https://ucs-sso.schein.me/simplesamlphp/saml2/idp/metadata.php or via http

Environment

  • Letsencrypt update to version 1.2.2-6 comes with a new configuration concept:
    https://forge.univention.org/bugzilla/show_bug.cgi?id=48204

  • Modified templates for /etc/apache2/sites-enabled/default-ssl.conf

  • Configured redirect for the portal url to use saml. The portal is configured on a slave server.

Solution:

The redirect must be configured at a different location so that it can be included via the vhost configuration of letsencrypt.

cat /etc/apache2/ucs-sites.conf.d/saml-redirect.conf
ProxyPass /simplesamlphp/ https://master.schein.me/simplesamlphp/ retry=0