Migration guide: SimpleSAMLPHP to Keycloak

Download PDF

Prepare for the update to UCS 5.2

6. Prepare for the update to UCS 5.2#

This section explains the necessary steps to prepare your domain for the update to UCS 5.2. Before you have executed these steps the update to UCS 5.2 will be blocked. Follow these steps only after

  • you migrated all services that use single sign-on for authentication to use Keycloak as IdP,

  • or you are absolutely sure no service uses SimpleSAMLphp or OpenID Connect Provider as IdP for single sign-on authentication.

To prepare your domain for the update to UCS 5.2, run the following command on your UCS Primary Directory Node:

Listing 6.1 Run Keycloak migration script#
$ univention-keycloak-migration-status --delete --create-sso-uri-setting

What this does is to

  • delete old and obsolete UDM objects used by SimpleSAMLphp and OpenID Connect Provider

  • and to create an UCR policy for the setting ucs/server/sso/uri used in UCS 5.2 to define the default IdP for services.

Warning

After removing these UDM objects, single sign-on with SimpleSAMLphp or OpenID Connect Provider will no longer work.