AppSuite:UCS SAML SSO with OX App Suite: Difference between revisions
(Created page with "= Univention Corporate Server SAML-SSO Configuration with OX App Suite = == Preconditions == Before starting the configuration process, it is advisable to test the SAML logi...") |
No edit summary |
||
Line 25: | Line 25: | ||
The UCS users are provisioned in OX via CLI interfaces and then written to a MySQL database. The database has a "imapLogin" field that is used by OX to log in to the user's inbox. As default it is set to the user's mail address. If SSO is to be used, it has to be appended with an asterisk and the mail server's master user. For Dovecot this would be <code>dovecotadmin</code> and looks as follows: | The UCS users are provisioned in OX via CLI interfaces and then written to a MySQL database. The database has a "imapLogin" field that is used by OX to log in to the user's inbox. As default it is set to the user's mail address. If SSO is to be used, it has to be appended with an asterisk and the mail server's master user. For Dovecot this would be <code>dovecotadmin</code> and looks as follows: | ||
meinuser@maildomain.de*dovecotadmin | |||
The following two commands have to be executed to let the users be provisioned respectively by the listener: | |||
ucr set ox/listener/imaplogin_value='{}*dovecotadmin' | |||
service univention-directory-listener crestart | |||
==== Adjusting existing users ==== | |||
For already existing users, the imapLogin field has to be adjusted. See: [https://help.univention.com/t/how-to-change-the-ox-attribute-imaplogin-for-existing-users/14455 How To: Change the OX attribute imaplogin for existing users] |
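Review bot: The added `ucr set ox/listener/imaplogin_value='{}*dovecotadmin'` line uses a `{}` placeholder that the text never explains, and it hard-codes `dovecotadmin` although the context paragraph speaks of "the mail server's master user" in general. Suggest adding one sentence that says what `{}` expands to and that `dovecotadmin` has to match the master user actually configured on the mail server. The example value and the two commands also lack the `<code>` markup that the context line uses for `dovecotadmin`.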
Revision as of 05:03, 18 May 2021
Univention Corporate Server SAML-SSO Configuration with OX App Suite
Preconditions
Before starting the configuration, test the SAML login to UCS to make sure that it works. The SAML login is available at the following URL:
https://<Hostname>/univention/saml
Configuration
Setting FQDNs
The following three variables have to be set according to the environment. Multiple or all variables can contain the same FQDN.
# FQDN for accessing the SSO - can be found in UCR: ucr get ucs/server/sso/fqdn
SSO_FQDN=ucs-sso.domain.name
# FQDN for accessing the portal
PORTAL_FQDN=portal.domain.name
# FQDN for accessing OX
MAIL_FQDN=mail.domain.name
Adjusting the provisioning
The UCS users are provisioned in OX via CLI interfaces and then written to a MySQL database. The database has an "imapLogin" field that OX uses to log in to the user's inbox. By default it is set to the user's mail address. If SSO is to be used, an asterisk and the mail server's master user have to be appended to it. For Dovecot this would be dovecotadmin, and the value then looks as follows:
meinuser@maildomain.de*dovecotadmin
The following two commands have to be executed so that the listener provisions users accordingly:
ucr set ox/listener/imaplogin_value='{}*dovecotadmin'
service univention-directory-listener crestart
Adjusting existing users
For already existing users, the imapLogin field has to be adjusted. See: How To: Change the OX attribute imaplogin for existing users (https://help.univention.com/t/how-to-change-the-ox-attribute-imaplogin-for-existing-users/14455)
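To find the existing users that still need this adjustment, the following added example (not part of the original page or of the Univention or OX tooling) checks imapLogin values against the listener template. It assumes that "{}" in the template stands for the user's mail address and that the rows arrive as "mail<TAB>imapLogin" lines; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# TEMPLATE mirrors the ox/listener/imaplogin_value set above; "{}" is assumed
# to be the placeholder the listener replaces with the user's mail address.
TEMPLATE='{}*dovecotadmin'

# expected_login MAIL: print TEMPLATE with "{}" replaced by MAIL.
expected_login() {
    prefix=${TEMPLATE%%\{\}*}
    suffix=${TEMPLATE#*\{\}}
    printf '%s%s%s\n' "$prefix" "$1" "$suffix"
}

# classify MAIL LOGIN: print ok | needs-update | foreign-master | mismatch.
classify() {
    want=$(expected_login "$1")
    case $2 in
        "$want") echo ok ;;
        "$1")    echo needs-update ;;    # still the default (bare mail address)
        "$1"\**) echo foreign-master ;;  # suffixed with a different master user
        *)       echo mismatch ;;        # not derived from the mail address
    esac
}

# audit: read "mail<TAB>imapLogin" rows on stdin, print each row that is not
# ok, and return non-zero if any such row was seen.
audit() {
    rc=0
    tab=$(printf '\t')
    while IFS=$tab read -r mail login; do
        state=$(classify "$mail" "$login")
        [ "$state" = ok ] && continue
        printf '%s\t%s\t%s\n' "$state" "$mail" "$login"
        rc=1
    done
    return "$rc"
}

# Constructed sample rows (mail<TAB>imapLogin), not from a real system.
sample_rows() {
    printf '%s\t%s\n' \
        'anna@maildomain.de'  'anna@maildomain.de*dovecotadmin' \
        'bernd@maildomain.de' 'bernd@maildomain.de' \
        'carla@maildomain.de' 'carla@maildomain.de*oldmaster' \
        'dirk@maildomain.de'  'dirk'
}

sample_rows | audit || echo 'rows listed above still need adjusting'
```

Rows reported as foreign-master or mismatch deserve a manual look before they are changed, since they do not follow the default the page describes.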