AppSuite:UCS SAML SSO with OX App Suite: Difference between revisions

From Open-Xchange
(Created page with "= Univention Corporate Server SAML-SSO Configuration with OX App Suite = == Preconditions == Before starting the configuration process, it is advisable to test the SAML logi...")
 
(Replaced content with " <div style="overflow: auto;"><div style="border-width:3px; border-style:solid; padding:5px; margin:1em; margin-left:5em; margin-right:5em;">[https://oxpedia.org/wiki/index.php?title=AppSuite:UCS_OIDC_SSO_with_OX_App_Suite Corporate Server OIDC-SSO Configuration with OX App Suite]</div></div> = Univention Corporate Server SAML-SSO Configuration with OX App Suite = == Preconditions == Before starting the configuration process, it is advisable to test the SAML login...")
Tag: Replaced
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div style="overflow: auto;"><div style="border-width:3px; border-style:solid; padding:5px; margin:1em; margin-left:5em; margin-right:5em;">[https://oxpedia.org/wiki/index.php?title=AppSuite:UCS_OIDC_SSO_with_OX_App_Suite Corporate Server OIDC-SSO Configuration with OX App Suite]</div></div>
= Univention Corporate Server SAML-SSO Configuration with OX App Suite =
= Univention Corporate Server SAML-SSO Configuration with OX App Suite =
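Review bot: The link label in the added banner on line 1 reads "Corporate Server OIDC-SSO Configuration with OX App Suite", which drops the "Univention" that the heading directly below it uses. Use the full page name as the label. The banner also carries no text saying why a reader of the SAML page is being pointed to the OIDC page, so a short lead such as "For the OIDC-based setup see:" in front of the link would make its purpose clear.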


Line 7: Line 10:
  https://<Hostname>/univention/saml
  https://<Hostname>/univention/saml


== Configuration ==
== Migration OX App Suite SSO to Keycloak ==
 
=== Setting FQDNs ===
 
The following three variables have to be set according to the environment. Multiple or all variables can contain the same FQDN.
 
# FQDN for accessing the SSO - can be found in UCR: ucr get ucs/server/sso/fqdn
SSO_FQDN=ucs-sso.domain.name
# FQDN for accessing the portal
PORTAL_FQDN=portal.domain.name
# FQDN for accessing OX
MAIL_FQDN=mail.domain.name
 
=== Adjusting the provisioning ===


The UCS users are provisioned in OX via CLI interfaces and then written to a MySQL database. The database has a "imapLogin" field that is used by OX to log in to the user's inbox. As default it is set to the user's mail address. If SSO is to be used, it has to be appended with an asterisk and the mail server's master user. For Dovecot this would be <code>dovecotadmin</code> and looks as follows:
The previously provided configuration information is outdated. Please follow the steps outlined in the migration guide available at: https://help.univention.com/t/howto-migrate-ox-sso-to-keycloak/24053/1
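Review bot: The replacement paragraph under "Migration OX App Suite SSO to Keycloak" calls the old configuration outdated but does not say what an existing deployment has to undo. The removed "Adjusting the provisioning" text had the "imapLogin" field suffixed with an asterisk and the mail server's master user (dovecotadmin for Dovecot). Add a sentence stating whether that suffix stays in place or is reverted after the migration, or point to the last revision that still documents the old steps so administrators can check what was changed on their systems. The heading itself would read better as "Migrating OX App Suite SSO to Keycloak".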

Latest revision as of 07:51, 23 May 2025

Univention Corporate Server SAML-SSO Configuration with OX App Suite

Preconditions

Before starting the configuration process, it is advisable to test the SAML login to UCS to ensure that it works. Authentication via SAML login works as follows.

https://<Hostname>/univention/saml

Migrating OX App Suite SSO to Keycloak

The previously provided configuration information is outdated. Please follow the steps outlined in the migration guide available at: https://help.univention.com/t/howto-migrate-ox-sso-to-keycloak/24053/1