UCS 4.3 SSO link missing on Portal-Site

sso

#1

Hello,

I have Installed and activated the SAML provider for my Users but I’m missing the Single-Sign-on link at the Login-Page or Portal-Page. What can I do for activate the login with sso?

Kind Regards,

phiku


#2

Hey,

there is no separate portal entry for SSO via SAML. Instead you visit the regular management URL: https://server.your.domain/univention/management/

Upon visiting that URL several compatibility tests will be performed by the web browser (or rather: by some JavaScript code loaded from the UCS server) in order to determine whether SSO will most likely work. That includes, if I’m not mistaken, a test whether or not the browser trusts the server certificate for ucs-sso.your.domain.

If the tests are successful, the browser redirects to the SSO login page: https://ucs-sso.your.domain/simplesamlphp/module.php/core/loginuserpass.php?AuthState=… After a successful login there, you’re redirected to the management interface.

If, however, those tests fail, you’re automatically redirected to the non-SSO login page: https://server.your.domain/univention/login/

Kind regards,
mosu


#3

Thank you for your hint. It’s working perfect after I add root-certificate to the trusted Certificates store


#4

@Moritz_Bunkus can you elaborate a little bit more “compability tests” and how can i debug/troubleshoot it?

In my scenario i’m able to sso in slave and backup server but never can sso in the master server


#5

No, I cannot; I don’t have more in-depth knowledge about what tests are performed and how they work. The folks from Univention could certainly shed more light on them.