6. Prepare for the update to UCS 5.2

This section explains the necessary steps to prepare your domain for the update to UCS 5.2. Follow these steps only after

• you migrated all services that use single sign-on for authentication to use Keycloak as IdP,

• or you are absolutely sure no service uses SimpleSAMLphp or OpenID Connect Provider as IdP for single sign-on authentication.

UCS before version 5.2 stored all the SimpleSAMLphp and OpenID Connect Provider client configurations as UDM modules saml/serviceprovider and oidc/rpservice. The update to 5.2 blocks until all these objects are removed.

Warning

After removing these client objects, single sign-on with SimpleSAMLphp or OpenID Connect Provider does no longer work.

To prepare your domain for the update to UCS 5.2, run the following command on your UCS Primary Directory Node to backup all IdP client object settings and subsequently remove them:

Listing 6.1 Remove single sign-on client objects from UDM

$ univention-keycloak-migration-status --delete