Hi!
Same problem over here as well. SAML is working, though, which seems to confirm the problem is with the diagnostic script.
When follwing your instructions you can see that the SSL certs are different (output shortened):
root@ucs:~# cat /etc/univention/ssl/$(hostname -f)/cert.pem | tail -n 3
2PzEo6pfUXwiRIcpL3cz1dgJF0CLOs4QmARm7NU33Of1Tbt3bmiuUCGLJ0+ixVRb
v8dZm2m4D1zimKmOep49
-----END CERTIFICATE-----
root@ucs:~# univention-ldapsearch -LLL "(&(serviceProviderMetadata=*)(univentionObjectType=saml/serviceprovider)(SAMLServiceProviderIdentifier=https://$(hostname -f)/univention/saml/metadata))" serviceProviderMetadata | ldapsearch-wrapper | ldapsearch-decode64 | grep -B3 "</ds:X509Certificate>" | head -n 3
PLCzCDuTpMEUjenRKPG1HrP9heWiehVQTu8G/GZynfw+FbLgQ20Q33AH4bVM4EX1
sad+UWAzRIFkhkkO8wk0gq7XA+9tYr/ZEgh8bf300A9lZpQsLTQQSRA+6W0rIaaS
oBZmiSV1wOcxgCVd+UpTV+lOw5KRULHbKZog4P2AHMZ9LgBWIVq7
Neither /usr/share/univention-management-console/saml/update_metadata
nor univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst
do help and the problem persist.
Iāve seen this kind of issue in 3 installations, 2 of them were upgraded to 5.0(-2) within the last two weeks.
No hard proof for his, but when I set up SAML SSO under UCS v5.0-1 with Windfluechter/setupSSO.sh: Small script to setup SAML SSO for Univention UCS - setupSSO.sh - Codeberg.org I donāt remember that System Diagnostics showed any issues with SAML. Maybe something changed with the last errata updates? But no idea, thoughā¦