SAML certificate verification failed after renewing the SSL certificates


After renewing the SSL certificates (Renewing the SSL certificates - Knowledge Base / Supported - Univention Help), the critical problem "SAML certificate verification failed!" appeared.

Tried the section "Renewing the SSL certificates" several times, but with no success.

Screenshot from system diagnostic below:

[Screenshot: error saml]

Please assist :+1:

Best Regards,

Done the part below, but still have a notification on login: "An error occurred while connecting to the server, please try again later." :confused:
Also, the root certificate listed in the web browser, in the root certificate section, is the old one, not the new one :confused:

On every SAML Identity provider (UCS Master and all UCS Backups), execute the following:

eval "$(ucr shell domainname)"
install -o root -g samlcgi -m 0644 /etc/univention/ssl/"ucs-sso.${domainname}"/cert.pem /etc/simplesamlphp/"ucs-sso.${domainname}-idp-certificate.crt"
install -o root -g samlcgi -m 0640 /etc/univention/ssl/"ucs-sso.${domainname}"/private.key /etc/simplesamlphp/"ucs-sso.${domainname}-idp-certificate.key"
service univention-saml restart

Each UCS system in the domain, including the primary DC, has to re-install the new certificate to make the UMC Single Sign On work:

eval "$(ucr shell ucs/server/sso/fqdn)"
rm -f /usr/share/univention-management-console/saml/idp/*.xml
ucr set umc/saml/idp-server="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/metadata.php" || echo 'Failed!'
service univention-management-console-web-server restart
univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst

Every service provider connected to UCS must be updated with the new certificate. See the respective documentation for each service provider.
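
A consistency check for the steps quoted above, as an added example that is not part of the original post and not Univention's own code: it compares the SHA-256 fingerprint of the renewed certificate with the copy installed for simplesamlphp and with the certificates embedded in the IdP metadata files cached for UMC. The function names are hypothetical, the sample data is constructed, and it is an assumption that the `*.xml` files in the UMC `saml/idp` directory are SAML IdP metadata.

```python
import base64, hashlib, sys
import xml.etree.ElementTree as ET
from pathlib import Path

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def der_fingerprint(b64_text):  # SHA-256 of the decoded bytes, whitespace ignored
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_fingerprint(pem_text):  # first certificate in a PEM string, leading text allowed
    body = pem_text.split("-----BEGIN CERTIFICATE-----", 1)[1]
    return der_fingerprint(body.split("-----END CERTIFICATE-----", 1)[0])

def metadata_fingerprints(xml_text):  # every ds:X509Certificate in SAML metadata
    return {der_fingerprint(el.text or "") for el in ET.fromstring(xml_text).iter(DS_CERT)}

def check(new_pem, idp_pem, metadata_by_name):
    """Return findings; an empty list means every copy carries new_pem."""
    want, findings = pem_fingerprint(new_pem), []
    if idp_pem is not None and pem_fingerprint(idp_pem) != want:
        findings.append("simplesamlphp IdP certificate is not the renewed one")
    for name, xml_text in sorted(metadata_by_name.items()):
        if want not in metadata_fingerprints(xml_text):
            findings.append(f"{name}: cached IdP metadata lacks the renewed certificate")
    return findings

# Constructed stand-ins: arbitrary bytes in PEM/metadata framing, not real X.509 data.
SAMPLE_OLD, SAMPLE_NEW = b"constructed old cert", b"constructed new cert"

def sample_pem(raw):
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(raw).decode()}\n-----END CERTIFICATE-----\n"

def sample_metadata(raw):
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Certificate>'
            f"{base64.b64encode(raw).decode()}</ds:X509Certificate></md:EntityDescriptor>")

if __name__ == "__main__":
    if len(sys.argv) < 2:  # no domain given: demo on the constructed samples
        problems = check(sample_pem(SAMPLE_NEW), None, {"cached.xml": sample_metadata(SAMPLE_OLD)})
    else:
        sso = f"ucs-sso.{sys.argv[1]}"  # argv[1]: output of `ucr get domainname`
        idp = Path(f"/etc/simplesamlphp/{sso}-idp-certificate.crt")  # IdP hosts only
        cached = Path("/usr/share/univention-management-console/saml/idp").glob("*.xml")
        problems = check(Path(f"/etc/univention/ssl/{sso}/cert.pem").read_text(),
                         idp.read_text() if idp.exists() else None,
                         {p.name: p.read_text() for p in cached})
    print("\n".join(problems) or "all copies carry the renewed certificate")
    sys.exit(1 if problems else 0)
```

A finding for a cached metadata file means the second block of commands above has not taken effect on that system; a finding for the simplesamlphp copy points at the first block.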