Problem:

Your login does not use sso after you updated your system to UCS 5.

Solution:

The login behaviour changed, and we have no automatic saml login.
http://docs.software-univention.de/manual/5.0/en/central-management-umc/login.html

By default a login does not use single sign-on. The login can be changed to use single sign-on (SSO) via SAML (SAML identity provider). To configure this, ucs-sso.[Domain name] must be reachable and the Univention Configuration Registry Variable portal/auth-mode has to be set to saml. For the change to take effect the portal server needs to be restarted: systemctl restart univention-portal-server.service. The login using the user menu has now be changed. Portal tiles have to be adapted manually. The default portal has a SSO login tile preconfigured which can be activated using the portal edit mode.

in short

ucr set portal/auth-mode=saml
systemctl restart univention-portal-server.service

and to get the fitting portal icon:
UMC → Domain → Portal → show all → Login SAML → check active

udm portals/entry modify --dn=cn=login-saml,cn=entry,cn=portals,cn=univention,$(ucr get ldap/base) --set activated=TRUE

Or you can edit the Portal: