SSO with UCS?


#1

Hi,

I would like to have some help setting up my SSO (or maybe I’ll not need it).

I would like to add my NAS devices into the system. That way, I want to give some users access to these NAS devices and not the others. (The idea would be to do an auto mount, if that’s possible.) My NAS devices have an LDAP base, so I should join them to my domain, but I don’t want my users to have to enter their password a second time. In the same way, I’ll add some servers to my domain, so I thought: SSO should be my answer.

So here is what I have and what I want to do, to be sure I need SSO and to get accurate advice (if possible):
I have 1 UCS domain master and 1 UCS domain backup, and 4 Linux systems configured and integrated following part 1 of this document: https://docs.software-univention.de/domain-4.1.html#ubuntu:integration . I have 4 NAS devices (let’s call them NAS1 to NAS4) and, for now, 5 users. I also have an Ubuntu machine used as a server with Docker and XWiki installed, and another one for backup.

What I want to do is this:
1 - All my users should have access to my main docker/wiki server
2 - User 1 should also have access to NAS2
3 - User 2 to NAS1 and NAS3
4 - etc.
When a user has access to a NAS, it should automatically mount itself at session startup but shouldn’t be available to other users (for example, if user1 logs in on user2’s computer, he shouldn’t have access to NAS1 and NAS3).

I didn’t touch anything other than what is in the document I followed for client integration. So I’m sure I’m missing a lot of things.

When I try to connect using the SSO link at the top left of the browser window, I found that it is crossed out. I can’t access it with http or https, as they write in the help page for this. They write that I need to install 91univention-saml.inst and 92univention-management-console-web-server.inst again? Where can I find these scripts? Do you have documentation that covers only how to set up the SAML SSO? Because when I read the documentation, I did the installation and the Linux configuration, and they are working in my domain, but after that I’m stuck :confused:

The error page: sdb.univention.de/1351

If someone can help me, that would be really kind,

Thanks in advance.


#2

Hi again,

I can now access the ucs-sso, but it’s a blank page.

I think I should rerun the 91 and 92 scripts, so I’ll look for them …

Do you think that I really need SSO, considering my needs? And do you think it’s possible to do what I want? (If you have some documentation, or can point me to the part of the documentation that covers it, that will help me a lot.)

Thanks in advance


#3

Hi,

By default the current SSO implementation only provides access to the Management Console itself. Other services can be integrated as described in 3.8. SAML identity provider. I have heard that the App Center has some apps which are already integrated, but I haven’t tested this myself.

SSO for file access (given that this is what you want to achieve with NAS devices) is a different topic and depends primarily on the client devices and the methods your clients are using. Most NAS boxes are able to join an Active Directory or can grant access through LDAP. But this is more or less “Domain Services” rather than SSO.

hth,
Dirk