The release of version 4.4-5 of Univention Corporate Server (UCS) brings a series of technical innovations for the Single Sign-on of users to applications connected to UCS. There are also new functions for the UCS Self Service. Users can now register themselves with a UCS domain via the User Self Service and create a user account, assign a user name and password, and store further information. Performance improvements in the LDAP directory service have accelerated the replication of groups. And in preparation for UCS 5.0, which is scheduled for release at the end of this year, our development department has made more than 45 UCS packages compatible with Python 3. So when you upgrade to UCS 5.0, the corresponding parts of the UCS code will run on both Python 2 and Python 3. In addition, we have published a preview of the new UCS 5 portal as an app in the App Center for testers. It already brings important new technical features such as embedding apps directly into the portal page.
Set up Single Sign-on via SAML for entire groups
UCS system administrators can now grant entire groups authorization to use applications that support Single Sign-on via SAML. This greatly simplifies the management of user access for organizations that have many users with different tasks and authorizations for using IT services. Read more about this topic in the blog article Create an SSO Login for Applications to Groups.
When apps or external services are connected to the identity management via SAML for Single Sign-on, a configurable mapping can now be set per application or service to map the user attributes stored in the LDAP directory service to the attribute names expected in SAML claims. For example, the LDAP attribute name for e-mail addresses “mailPrimaryAddress” can be mapped to the attribute name “e-mail” expected by an application. This makes it possible to connect to UCS via SAML more services that expect a fixed set of user attributes for the login via Single Sign-on.
New OpenID Connect Provider integrates authentication of OpenID Connect and SAML
But the innovations are not limited to Single Sign-on with SAML. Recently, the Univention App Center has made available an updated version of the OpenID Connect Provider App for integration in UCS, which also supports SAML as an authentication backend for OpenID Connect. Thanks to this, users who are logged in to UCS using Single Sign-on via SAML can now also use applications that authenticate via OpenID Connect without having to log in a second time. No matter which of the two standards – SAML or OpenID Connect – an application uses for user authentication, Single Sign-on now works across all standards in UCS. Read more on this in the article: Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect.