Hello,
I have Installed and activated the SAML provider for my Users but I’m missing the Single-Sign-on link at the Login-Page or Portal-Page. What can I do for activate the login with sso?
Kind Regards,
phiku
Hey,
there is no separate portal entry for SSO via SAML. Instead you visit the regular management URL: https://server.your.domain/univention/management/
Upon visiting that URL several compatibility tests will be performed by the web browser (or rather: by some JavaScript code loaded from the UCS server) in order to determine whether SSO will most likely work. That includes, if I’m not mistaken, a test whether or not the browser trusts the server certificate for ucs-sso.your.domain.
If the tests are successful, the browser redirects to the SSO login page: https://ucs-sso.your.domain/simplesamlphp/module.php/core/loginuserpass.php?AuthState=… After a successful login there, you’re redirected to the management interface.
If, however, those tests fail, you’re automatically redirected to the non-SSO login page: https://server.your.domain/univention/login/
Kind regards,
mosu
1 Like
Thank you for your hint. It’s working perfect after I add root-certificate to the trusted Certificates store
@Moritz_Bunkus can you elaborate a little bit more “compability tests” and how can i debug/troubleshoot it?
In my scenario i’m able to sso in slave and backup server but never can sso in the master server
No, I cannot; I don’t have more in-depth knowledge about what tests are performed and how they work. The folks from Univention could certainly shed more light on them.