Being logged in through SSO on the master server and trying to login to the backup server in a new browser tab results in “
Internal Server Error”.
You might see related messages in
pam auth error connection timeout
auth failed status 401
This issue might be related to non-matching or non-valid certificates. To verify follow the steps noted below:
On all IDP Servers (= DC Master + DC Backups):
$ cat /etc/simplesamlphp/*-idp-certificate.crt
On the Service-Provider Server:
$ cat /usr/share/univention-management-console/saml/idp/*.xml
Verify the above steps show the same vertificates, these files should be identical.
If not identical remove the files on the SP-server:
rm -f /usr/share/univention-management-console/saml/idp/*.xml
Note: This step does not work on PaedML!
Force re-execution of the joinscript
univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server