From df0f25df4d335589ed787526055199437def3a4e Mon Sep 17 00:00:00 2001 From: ralf Date: Thu, 15 Sep 2022 12:55:25 +0200 Subject: [PATCH] some updates and workarounds for SSO --- doc/UCS-SAML-SSO.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/UCS-SAML-SSO.md b/doc/UCS-SAML-SSO.md index 37fc02ea8d..8a78df8619 100644 --- a/doc/UCS-SAML-SSO.md +++ b/doc/UCS-SAML-SSO.md @@ -138,6 +138,15 @@ LDAP Attribute Name: givenName LDAP Attribute Name: sn ``` +* If you want an automatic SAML SingleSignOn, eg. by clicking on an EGroupware tile in the portal, +you need to switch in Setup > Site configuration ```Authentication``` to ```SAML``` and remove the +```Test SSO``` label from the beginning of the SAML configuration. +* To be able to use a password login in the above case, you need to add the following to your DB: +```sql +INSERT INTO egw_config VALUES ('phpgwapi', 'univention_discovery', 'true'); +``` +        Clear the cache and use the following URL: ```https://example.org/egroupware/login.php?auth=univention``` + * Some useful links * [How does Single Sign-on work?](https://www.univention.com/blog-en/2021/08/how-does-single-sign-on-work-with-saml-and-openidconnect/) * [Reconfigure UCS Single Sign On](https://help.univention.com/t/reconfigure-ucs-single-sign-on/16161) @@ -166,4 +175,7 @@ Admin user: dovecotadmin Password: secretpassword X Use admin credentials to connect without a session-password, e.g. for SSO ``` +> Currently, there are two bugs, you need to work around: +> 1. EGroupware checks the above user/password as an IMAP user, so you need to additionally create him as UCS user with mail, in order to be able to store the dialog. +> 2. The account you use for testing, must NOT have any additional personal mail accounts, as you get an error in that case, when you open the mail app. * log out and in again with SSO and check everything works \ No newline at end of file
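Review bot: In the first hunk (`@@ -138,6 +138,15 @@`), the added `INSERT INTO egw_config VALUES ('phpgwapi', 'univention_discovery', 'true');` has no column list, so it depends on the table's column order, and the text does not say what happens if a `univention_discovery` row already exists. Please name the target columns and say whether an existing row has to be updated instead. The same bullet should state that this setting makes a password login available again next to the automatic SAML login, so that admins who want SSO only know to leave it out, and "Clear the cache" should say where that is done. Style: the line starting with "Clear the cache" is indented with `&#xA0;` entities rather than plain spaces, so it may not render as a continuation of the list item; "eg." should be "e.g."; and single backticks are enough for inline values such as `Authentication`, `SAML` and `Test SSO`.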
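Review bot: In the second hunk (`@@ -166,4 +175,7 @@`), workaround 1 in the added blockquote tells the reader to create the Dovecot admin user "as UCS user with mail" but does not say whether that UCS account must use the same password as the one entered in the dialog above. That admin credential is the one used "to connect without a session-password", so the text should say so explicitly and recommend a unique strong password rather than the `secretpassword` shown in the example. "Currently, there are two bugs" also gives no EGroupware version or issue reference, so a reader cannot tell when the workarounds stop being necessary; please add one. Wording: "create him" should be "create it", and "store the dialog" should be "save the dialog".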