Problem: Self-service creates incorrect password recovery link after system update

Problem

If you are using SSO and Self-Service on your system, and after upgrading from UCS 4 to UCS 5, you are experiencing the problem that the password recovery link is incorrectly created.

This may be due to a missing |selfservice|entry in the template 01redirect.conf.

You can get more information about this issue in the following Bug 54813

Solution

Source: GitHub

Edit the following config and put the entry |selfservice|to the right position at the range for REQUEST_URI

/etc/univention/templates/files/etc/apache2/sso-vhost.conf.d/01redirect.conf

RewriteCond %%{REQUEST_URI} ^/univention/(login|management|self-service|portal|server-overview)/$

To make it easier to understand, here are the correct entries from a UCS 5 system as an example:

@%@UCRWARNING=# @%@

# If we are in ucs-sso virtualhost context we need to redirect the requests to the correct FQDN
@!@
sso_fqdn = configRegistry.get('ucs/server/sso/fqdn', 'ucs-sso.%s' % configRegistry.get('domainname'))
if configRegistry.is_true('ucs/server/sso/virtualhost', True):
    print('''
RewriteCond %%{HTTP_HOST} ^%(sso_fqdn)s$
RewriteCond %%{REQUEST_URI} ^/univention/(login|management|self-service|portal|server-overview)/$
RewriteRule ^/univention/(.*)$ %%{REQUEST_SCHEME}://%(fqdn)s/univention/$1 [L,QSA,R=301,END]
''' % {
        'sso_fqdn': sso_fqdn,
        'fqdn': '%(hostname)s.%(domainname)s' % configRegistry,
    })
@!@

You can also set the following variable with your fqdn to make it safe for updates or changes:

ucr set umc/login/links/forgot_your_password/href=https://portal.univention.de/univention/selfservice/#/selfservice/passwordforgotten
Mastodon