UCS 4.1 - how to change ucs-sso to public fqdn?


#1

Our UCS is configured for the internal domain example.lcl

Since version 4.1 a subdomain is created for SAML SSO
The following fqdn is generated by UCS: ucs-sso.example.lcl

How do I change this to the public fqdn ucs-sso.example.nl ?

What I did until now:

  • change UCR variable “saml/idp/entityID” to “https://ucs-sso.example.nl/simplesamlphp/saml2/idp/metadata.php”
  • change UCS variable “ucs/server/sso/fqdn” to “ucs-sso.finalist.nl”
  • add to DNS forward lookup zone “example.nl”
  • run Domain join script “91univention-saml”
  • run Domain join script “92univention-management-console-web-server”

After this I got the following error in the Domain join log file:

Resolving ucs-sso.example.nl (ucs-sso.example.nl)… 212.x.x.x
Connecting to ucs-sso.example.nl (ucs-sso.example.nl)|212.x.x.x|:443… connected.
GnuTLS: A TLS warning alert has been received.
Unable to establish SSL connection.

The SSL connection can’t be established because ucs-sso.example.nl is not available in the Apache config (ServerAlias).

What steps should I follow to make ucs-sso.example.nl public?
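
One way to confirm the diagnosis in the post above, as an added example that is not part of the original thread: a shell function that reports whether any `:443` virtual host in an Apache config names a given host via ServerName or ServerAlias. The function name `vhost_covers` and the sample config are constructed for illustration and are not taken from a UCS system.

```shell
#!/bin/sh
# vhost_covers FILE HOST: print the ServerName of the first :443 vhost whose
# ServerName/ServerAlias covers HOST; exit 1 if no TLS vhost names it.
vhost_covers() {
    awk -v want="$2" '
    function covers(pat, host,    suffix) {
        pat = tolower(pat)
        if (pat == host) return 1
        if (substr(pat, 1, 2) == "*.") {          # wildcard alias such as *.example.nl
            suffix = substr(pat, 2)
            return (length(host) > length(suffix) &&
                    substr(host, length(host) - length(suffix) + 1) == suffix)
        }
        return 0
    }
    BEGIN { want = tolower(want); rc = 1 }
    { key = tolower($1) }
    key ~ /^#/ { next }                            # commented-out directives do not count
    key == "<virtualhost" { tls = ($0 ~ /:443[ >]/); name = ""; hit = 0; next }
    tls && key == "servername"  { name = $2; if (covers($2, want)) hit = 1 }
    tls && key == "serveralias" { for (i = 2; i <= NF; i++) if (covers($i, want)) hit = 1 }
    key == "</virtualhost>" {
        if (tls && hit && rc) { print name; rc = 0 }
        tls = 0
    }
    END { exit rc }
    ' "$1"
}

# Constructed sample config (not taken from a real UCS system).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
<VirtualHost *:80>
    ServerName ucs-sso.example.nl
</VirtualHost>
<VirtualHost *:443>
    ServerName ucs-sso.example.lcl
    # ServerAlias ucs-sso.example.nl
    SSLEngine on
</VirtualHost>
EOF
# Same config with the alias enabled, as the "after" state.
FIXED_CONF=$(mktemp)
sed 's/# ServerAlias/ServerAlias/' "$SAMPLE_CONF" > "$FIXED_CONF"

for conf in "$SAMPLE_CONF" "$FIXED_CONF"; do
    if name=$(vhost_covers "$conf" ucs-sso.example.nl); then
        echo "covered by :443 vhost $name"
    else
        echo "no :443 vhost names ucs-sso.example.nl"
    fi
done
```

A host that no TLS vhost names is served by Apache's default vhost for that address and port, so the certificate presented there also has to list the public name.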


#2

Hi,

we have documented the required steps to change the FQDN for single sign-on in an SDB article. Please try the steps described there. We would love to hear your feedback on how it worked or which problems you encountered.


#3

Thanks! I followed the instructions. The FQDN is changed now. :slight_smile:

The only issue I had is that I had already configured SSL for Apache2. I had to revert the following.

apache2/ssl/certificate=/etc/univention/ssl/${FQDN}/cert.pem \
apache2/ssl/key=/etc/univention/ssl/${FQDN}/private.key

I will proceed with testing and report when I find something.