Problem:
Changing the student's password is not possible via SAML. The loading bar stops at 0%.
Investigation:
On the Master:
Check /etc/ldap/sasl2/slapd.conf
and the output of udm saml/serviceprovider list | grep SAMLServiceProviderIdentifier
for identical names.
Restart the slapd service, try changing the password again, and look for the error message:
service slapd restart
systemctl status slapd.service
This message shows inconsistent entries:
Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Error: Assertion audience "https://slave.schein.me/univention/saml/metadata" untrusted
Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Failure: Untrusted assertion audience
Alternatively, check /var/log/syslog for any hints.
Furthermore, you should check the metadata for any inconsistencies. Maybe the EntityID is not the same on both servers.
cat /usr/share/univention-management-console/saml/idp/*.xml
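The comparison described in the investigation steps can be scripted. The following is an added example, not part of the original article: it pulls every rejected audience out of slapd log text and reports the ones that are missing from a list of service provider identifiers. The function names are hypothetical, the log lines are the two shown above, and the master.schein.me identifier is a constructed sample value.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; SAMPLE_IDS is a constructed value for illustration.

# Read slapd log text on stdin, print each distinct rejected audience.
rejected_audiences() {
    sed -n 's/.*Assertion audience "\([^"]*\)" untrusted.*/\1/p' | sort -u
}

# $1: log text
# $2: identifier lines, e.g. the output of
#     udm saml/serviceprovider list | grep SAMLServiceProviderIdentifier
# Prints every rejected audience that has no exact match in $2.
missing_audiences() {
    printf '%s\n' "$1" | rejected_audiences | while IFS= read -r aud; do
        # Compare whole fields: the audience must match an identifier
        # exactly, so a substring match (plain grep) would be misleading.
        printf '%s\n' "$2" |
            awk -v a="$aud" '{ for (i = 1; i <= NF; i++) if ($i == a) found = 1 }
                             END { exit !found }' || printf '%s\n' "$aud"
    done
}

# The two log lines quoted in this article.
SAMPLE_LOG='Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Error: Assertion audience "https://slave.schein.me/univention/saml/metadata" untrusted
Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Failure: Untrusted assertion audience'

# Constructed sample: only the master is registered as a service provider.
SAMPLE_IDS='  SAMLServiceProviderIdentifier: https://master.schein.me/univention/saml/metadata'

missing_audiences "$SAMPLE_LOG" "$SAMPLE_IDS"

# On a real system (run on the Master):
#   missing_audiences "$(grep slapd /var/log/syslog)" \
#       "$(udm saml/serviceprovider list | grep SAMLServiceProviderIdentifier)"
```

Any URL printed is an audience that slapd received in an assertion but that is not among the listed identifiers.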
Solution:
A solution might be to re-download the metadata after you have checked the UCR variables.
This can be done by resetting the UCR variable umc/saml/idp-server
to the existing value and restarting the LDAP server.