[solved] New installation of Master - Review of SAML certificates failed

saml

#1

I’ve installed a new UCS 4.4 Master. After 3 days I get this error message:

16.05.19 18:21:48.636 MODULE      ( PROCESS ) : Checks ucs-sso by comparing 'ucr get ucs/server/sso/fqdn' with the Location field in /usr/share/univention-management-console/saml/idp/*.xml
Traceback (most recent call last):
  File "/usr/share/pyshared/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 124, in <module>
    run(0)
  File "/usr/share/pyshared/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 76, in run
    test_identity_provider_certificate()
  File "/usr/share/pyshared/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 89, in test_identity_provider_certificate
    for host in socket.gethostbyname_ex(sso_fqdn)[2]:
socket.gaierror: [Errno -2] Name or service not known

I read this: SAML certificate verification failed and have also done this: Renewing the SSL certificates, but that did not help. Also, no other UCS can join the domain. The servers don’t have NAT. Both have public IP addresses and dual stack.

If I would like to join, I get a timeout with this script:
univention-run-join-scripts --run-scripts 92univention-management-console-web-server

So what can i do?

Thanks a lot


#2

Nice… found the solution shortly… on the master I executed the following:
univention-run-join-scripts --force --run-scripts 91univention-saml.inst

On the member server I added an IPv4 address too. Does UCS not support IPv6 only?
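
The traceback in post #1 ends in `socket.gethostbyname_ex`, which performs IPv4 lookups only, and the uncaught `socket.gaierror` aborts the check. The following is an added example, not the UCS diagnostic plugin's code and not from the poster: a Python 3 lookup of the SSO name over both address families that returns a status line instead of raising. The host names, addresses and the offline resolver are constructed for illustration.

```python
import socket

# Constructed sample records (documentation address ranges), keyed by (name, family).
SAMPLE = {
    ("ucs-sso.example.test", socket.AF_INET): ["192.0.2.10"],
    ("ucs-sso.example.test", socket.AF_INET6): ["2001:db8::10"],
    ("v6only.example.test", socket.AF_INET6): ["2001:db8::20"],
}

def make_resolver(records):
    """Build an offline stand-in with the same signature as socket.getaddrinfo."""
    def resolver(host, port, family=0, type=0, proto=0, flags=0):
        addrs = records.get((host, family))
        if not addrs:
            raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
        return [(family, type, proto, "", (a, 0)) for a in addrs]
    return resolver

def resolve_families(fqdn, resolver=socket.getaddrinfo):
    """Return the addresses found per family; an empty list means no result."""
    found = {"IPv4": [], "IPv6": []}
    for label, family in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        try:
            infos = resolver(fqdn, None, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # name unknown or no address of this family
        for info in infos:
            addr = info[4][0]
            if addr not in found[label]:
                found[label].append(addr)
    return found

def diagnose(fqdn, resolver=socket.getaddrinfo):
    """Turn the lookup result into a one-line status instead of a traceback."""
    found = resolve_families(fqdn, resolver)
    if not found["IPv4"] and not found["IPv6"]:
        return "FAIL: %s does not resolve" % fqdn
    if not found["IPv4"]:
        return "WARN: %s has IPv6 addresses only; IPv4-only lookups will fail" % fqdn
    return "OK: %s -> %s" % (fqdn, ", ".join(found["IPv4"] + found["IPv6"]))

if __name__ == "__main__":
    offline = make_resolver(SAMPLE)
    for name in ("ucs-sso.example.test", "v6only.example.test", "missing.example.test"):
        print(diagnose(name, offline))
```

Called without the `resolver` argument, `diagnose` uses the system resolver, so it can be pointed at the value of `ucr get ucs/server/sso/fqdn` on the affected host.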