UCS 5.2 Alpha: Preliminary version of the next UCS released

Blog UCS 5.2 Alpha

On November 21, we released the Alpha version of UCS 5.2. It is the harbinger for the first minor release since the release of UCS 5.0 in May 2021. The Alpha version is intended to give a first impression of the upcoming UCS 5.2, in particular the basic packages of the distribution have been updated; UCS 5.2 Alpha is therefore primarily aimed at app providers who want to test their app today. However, installation and updates are generally available to anyone who wants to get an idea of the next version today.

What Is New?

UCS 5.2 will be based on the latest stable Debian version: Debian 12 “Bookworm”. This includes new versions of PostgreSQL and MariaDB, Docker and OpenLDAP, among others. The Alpha version has already completed this step, all packages from Debian have been adopted and partially rebuilt with our enhancements. Especially for application providers it is worth to have a look already today. Early testing ensures that the app will be available in the App Center on the day UCS 5.2 is released.

UCS 5.2 now also comes with Keycloak as our single sign-on solution. We have already described the long road to this here. Keycloak is already functional in the Alpha version and will be even more integrated in the final version.

Where Is UCS 5.1?

It is true, UCS 5.0 is followed by UCS 5.2. As mentioned here, we skipped a complete, production-ready release of UCS 5.1 for technical reasons. Just like we skipped Debian 11 “Bullseye”. When upgrading from UCS 5.0 to UCS 5.2, this actually happens in two steps in the background; once to a “hidden” UCS 5.1 and immediately after that to UCS 5.2. We make sure that nobody gets stuck on UCS 5.1 during the update (after all, 5.1 will never become an official, supported release that should be used productively).

Where Do we Stand with UCS 5.2 and Keycloak?

In UCS 5.2, Keycloak will replace our current solutions for single sign-on (SimpleSAMLphp and the OpenID Connect Provider app) and support both protocols, SAML and OpenID Connect. The Keycloak app, which is already available for UCS 5.0, is pre-installed in the Alpha version. The app installation during the UCS installation will be revised again in the final version of 5.2. Our services (Univention Management Console and Univention Portal) have already been converted to Keycloak, but we will work on some rough edges. And just like the app providers, we will also convert our other apps to Keycloak as the new standard: the Microsoft 365 Connector and the Google Workspace Connector.

Before updating UCS 5.0, you will need to migrate to Keycloak – this can already be done today and is documented in the migration guide. The Alpha release of UCS 5.2 does not work properly without the Keycloak app; this will also be improved for the final release.

What Happens Next?

The final UCS 5.2 will be released in the course of next year, and we will start the final release phase with a beta version.

The Alpha version can already be tested now. We have described how to do this in an article here. There we also list known bugs and special features of the pre-release version. As always, we welcome questions and feedback on the Alpha version at Univention Help.

Interview: Andreas Tells Us How He Was Able to Fulfill His Dream of Taking a “Sabbatical” at Univention

Pausing for a moment, reading a book in peace, traveling across Europe, dedicating oneself to a project or volunteering full-time – this is the dream of many employees. At Univention, this dream has come true, because for the past two years, employees have had the opportunity to take time out in the form of a “sabbatical”. In this interview, Andreas talks about how he managed to establish this offer, why the topic is so important to him, and how he spent his sabbatical.

SimpleSAMLphp and Kopano Konnect Deprecated – Keycloak Will Be the Only IDP in UCS 5.2

Header: Keycloak Identity Provider
As announced, we will introduce Keycloak as the default identity provider (IDP) with UCS 5.2. That raises the question of how long the previous IDP based on SimpleSAMLphp will be supported in UCS. In this article, I explain why we have decided to link the maintenance period of SimpleSAMLphp with that of UCS Release 5.0 and what steps are necessary for existing UCS installations.

Univention and MariaDB Offer Support for the Fail-Safe Operation of Keycloak in UCS

Since last year, the single sign-on solution Keycloak has been a central component of our identity and access management strategy. With Keycloak, third-party applications can log on to the system using standard protocols such as SAML and OpenID Connect. This means that users only have to log on once centrally and can then access all enabled services.

Outlook on the Upcoming Role Design in UCS and UCS@school

Since our last blog article on the future role model, we have made significant progress in transforming the UCS role and rights model. The custom role design, currently under development, is taking shape. In this article, we would like to focus on introducing two promising new components: One of them allows you to evaluate the permissions of a role, while the other is a web module that allows you to create your own roles. Let’s see what else awaits us until the end of the year.

Sex Education – Easier Than Ever to Integrate into the Classroom with KNOWBODY and the Univention ID Broker

Knowbody ID Broker
We are pleased to announce the latest addition to the Univention ID Broker. KNOWBODY, a young and innovative company, now makes sexual education more interactive and personal than ever before. Using videos, short games, 3D animations and even voice messages, students are introduced to the topic in a unique way. Read on to learn more about the exciting possibilities of this app from Carolin Strehmel.