Done the part below, but still have notification on login: An error occurred while connecting to the server, please try again later. :confused:
Also, root certificate on list in web browser in section root certificate is old, not the new one :confused:

On every SAML Identity provider (UCS Master and all UCS Backups), execute the following:

```
eval "$(ucr shell domainname)"
install -o root -g samlcgi -m 0644 /etc/univention/ssl/"ucs-sso.${domainname}"/cert.pem /etc/simplesamlphp/"ucs-sso.${domainname}-idp-certificate.crt"
install -o root -g samlcgi -m 0640 /etc/univention/ssl/"ucs-sso.${domainname}"/private.key /etc/simplesamlphp/"ucs-sso.${domainname}-idp-certificate.key"
service univention-saml restart
```

Each UCS system in the domain, including the primary DC, has to re-install the new certificate to make the UMC Single Sign On work:

```
eval "$(ucr shell ucs/server/sso/fqdn)"
rm -f /usr/share/univention-management-console/saml/idp/*.xml
ucr set umc/saml/idp-server="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/metadata.php" || echo 'Failed!'
service univention-management-console-web-server restart
univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst
```

Every service provider connected to UCS must be updated with the new certificate. See the respective documentation for each service provider.
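
As an added example (not part of the original post or of Univention's documentation), this script checks whether the IdP metadata cached by UMC actually carries the certificate installed in the steps above, by comparing SHA-256 fingerprints. The function names are assumptions, and the sample "certificates" are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import sys
import xml.etree.ElementTree as ET

X509_TAG = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _sha256_of_b64(b64_text):
    """Fingerprint the DER bytes behind a (possibly line-wrapped) base64 string."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_fingerprints(pem_text):
    """SHA-256 fingerprints of every certificate in a PEM file, in file order."""
    return [_sha256_of_b64(body) for body in PEM_RE.findall(pem_text)]

def metadata_fingerprints(xml_text):
    """SHA-256 fingerprints of every ds:X509Certificate in SAML metadata."""
    root = ET.fromstring(xml_text)
    return [_sha256_of_b64(el.text or "") for el in root.iter(X509_TAG)]

def metadata_has_cert(pem_text, xml_text):
    """True if the first certificate in the PEM is advertised in the metadata."""
    deployed = pem_fingerprints(pem_text)
    if not deployed:
        raise ValueError("no certificate found in PEM input")
    return deployed[0] in metadata_fingerprints(xml_text)

# Constructed sample data: placeholder bytes standing in for DER certificates.
def sample_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

def sample_metadata(der):
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/">'
            '<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>' + base64.b64encode(der).decode() +
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    if len(sys.argv) == 3:  # arguments: <idp-certificate.crt> <cached-metadata.xml>
        with open(sys.argv[1]) as pem, open(sys.argv[2]) as meta:
            ok = metadata_has_cert(pem.read(), meta.read())
    else:  # no arguments: run on the constructed sample (stale metadata)
        ok = metadata_has_cert(sample_pem(b"NEW-CERT"), sample_metadata(b"OLD-CERT"))
    print("metadata matches deployed certificate" if ok else "metadata is STALE")
    sys.exit(0 if ok else 1)
```

Run it with the installed `ucs-sso.${domainname}-idp-certificate.crt` and one of the XML files under `/usr/share/univention-management-console/saml/idp/` as arguments; a non-zero exit means that host is still holding metadata with a different certificate.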