Problem: Changing the student password in UMC via SAML remains at 0%

Problem:

Changing the student's password is not possible via SAML. The loading bar stops at 0%.

Investigation:

On the Master:
Check that the service provider names in /etc/ldap/sasl2/slapd.conf are identical to those returned by udm saml/serviceprovider list | grep SAMLServiceProviderIdentifier.
Restart the slapd service, try changing the password again, and look for the error message:

service slapd restart
systemctl status slapd.service

This message shows inconsistent entries:

Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Error: Assertion audience "https://slave.schein.me/univention/saml/metadata" untrusted
Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Failure: Untrusted assertion audience

Alternatively, check /var/log/syslog for any hints.

Furthermore, you should check the metadata for any inconsistencies. Maybe the EntityID is not the same on both servers:
cat /usr/share/univention-management-console/saml/idp/*.xml
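
The comparison from the investigation steps above as a script (an added example, not part of the original article and not Univention code): it extracts each rejected audience from the slapd log and reports whether the saved udm output and the SASL configuration contain exactly that identifier. The file arguments, the master.schein.me identifier and the option name in the sample configuration are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Univention code. Reports every audience slapd rejected
# and whether UDM and the SASL configuration list that same identifier.

# Distinct audiences from 'Assertion audience "..." untrusted' log lines.
untrusted_audiences() {
    sed -n 's/.*Assertion audience "\([^"]*\)" untrusted.*/\1/p' "$1" | sort -u
}

# Identifiers from saved `udm saml/serviceprovider list` output.
udm_identifiers() {
    sed -n 's/^[[:space:]]*SAMLServiceProviderIdentifier:[[:space:]]*//p' "$1"
}

# $1 = log file, $2 = SASL config, $3 = saved udm output.
# The config is split into whitespace-separated tokens so the comparison is an
# exact match and does not depend on the option names used in that file.
audit_audiences() {
    untrusted_audiences "$1" | while IFS= read -r aud; do
        in_udm=no; in_sasl=no
        udm_identifiers "$3" | grep -qxF -- "$aud" && in_udm=yes
        tr -s ' \t' '\n' < "$2" | grep -qxF -- "$aud" && in_sasl=yes
        printf '%s udm=%s sasl=%s\n' "$aud" "$in_udm" "$in_sasl"
    done
}

# Constructed sample data: the log lines shown on this page, plus a
# hypothetical config (placeholder option name) and udm output in which
# the SASL config trusts only the master's identifier.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/log" <<'EOF'
Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Error: Assertion audience "https://slave.schein.me/univention/saml/metadata" untrusted
Dez 20 17:33:27 master slapd[31506]: SASL [conn=5425] Failure: Untrusted assertion audience
EOF
    cat > "$dir/sasl" <<'EOF'
trusted_sp_placeholder: https://master.schein.me/univention/saml/metadata
EOF
    cat > "$dir/udm" <<'EOF'
  SAMLServiceProviderIdentifier: https://master.schein.me/univention/saml/metadata
  SAMLServiceProviderIdentifier: https://slave.schein.me/univention/saml/metadata
EOF
    echo "$dir"
}

sample=$(make_sample)
audit_audiences "$sample/log" "$sample/sasl" "$sample/udm"
rm -rf "$sample"
```

On a master, save the output of udm saml/serviceprovider list to a file and call audit_audiences with /var/log/syslog, /etc/ldap/sasl2/slapd.conf and that file. A result of udm=yes sasl=no means the service provider exists in UDM but slapd does not trust its identifier.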

Solution:

A solution might be to re-download the metadata after you have checked the UCR variables.
This can be done by resetting the UCR variable umc/saml/idp-server to its existing value and restarting the LDAP server.
