Single Sign On link on UMC login page is crossed out

Problem:

  • The hyperlink ‘Single Sign On’ on the Univention Management Console·
    login page is crossed out. It does not take the browser to the single·
    sign-on login page.

Possible solutions:

The hyperlink appears crossed out if the browser is unable to connect to the domain wide single sign-on server.
This server is by default available at https://ucs-sso.<domainname>/.

  • Is the client using a UCS domain nameserver as its nameserver?
    If not, the client should be configured to use the UCS domain nameservers.
    This can be configured manually on each client or e.g. via a DHCP policy.

  • Is the browser able to resolve the http URI http://ucs-sso.<domainname>/?
    The single sign-on is available on this virtual host. Accessing the address
    with a browser should present a page with the Univention logo.

  • Is the correct SSL certificate available in the browser? Can https://ucs-sso.<domainname>/.
    be visited in the browser?

    If not, the correct CA certificate from the ucs-overview site should be·
    installed, and the wrong certificate removed

  • Is the apache2 site correctly configured? Does·https://ucs-sso.<domainname>/simplesamlphp/blank.json show a small json status document in the browser?
    If not, the·following joinscripts should be re-executed on the master and all backup servers: 91univention-saml.inst,·
    92univention-management-console-web-server.inst.

Mastodon