Add SSO hostname/fqdn to certs generated for SAML provider hosts (Bug #56483) #49

Open: wants to merge 1 commit into base: 5.0-4
13 changes: 13 additions & 0 deletions base/univention-ssl/make-certificates.sh
@@ -510,6 +510,11 @@ gencert () {
local fqdn="${2:?Missing argument: common name}"
local days="${3:-$DEFAULT_DAYS}"

# get our sso fqdn -> $ucs_server_sso_fqdn
eval "$(ucr shell ucs/server/sso/fqdn)"
# get list of SAML servers
local samlsrv="$(ucr shell | grep ucs_server_saml_idp_server | sed -e 's/.*=//' | xargs)"

local hostname="${fqdn%%.*}" cn="$fqdn"
if [ ${#hostname} -gt 64 ]
then
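Review bot: the SAML server list is built by grepping the complete `ucr shell` dump for the substring `ucs_server_saml_idp_server` and then deleting everything up to the last `=` on each matching line, so any key that merely contains that substring is picked up, and the result depends on `ucr shell` emitting exactly one `key=value` pair per line; if `ucr shell` quotes its values, the only thing removing those quotes before the later comparison with `$fqdn` is the quote parsing that `xargs` happens to do, which is incidental and fails on a value containing an unmatched quote. Read the specific keys the same way the line above reads `ucs/server/sso/fqdn`, with `eval "$(ucr shell ...)"` limited to the keys of interest, or with `ucr get`, instead of post-processing the whole dump. Also, `local samlsrv="$(...)"` discards the pipeline's exit status, and nothing handles the case where `ucs/server/sso/fqdn` is unset, which leaves `$ucs_server_sso_fqdn` empty for the SAN logic in the second hunk.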
@@ -532,6 +537,14 @@ gencert () {
# Add DNS alias names
local san
san="$(univention-ldapsearch -LLLo ldif-wrap=no "(cNAMERecord=${fqdn%.}.)" 1.1 | sed -rne 's/^dn: relativeDomainName=([^,]+),zoneName=([^,]+),.*/\1 \1.\2/p' | tr '\n' ' ')"
# Add SSO name if we create cert for one of the SAML servers
for tst in $samlsrv
do
if [ "$tst" == "$fqdn" ]; then
san="$san ${ucs_server_sso_fqdn%%.*} $ucs_server_sso_fqdn"
break
fi
done
mk_config "$name/openssl.cnf" "" "$days" "$cn" "$fqdn $hostname $san"
# generate a key pair
openssl genrsa -out "$name/private.key" "$DEFAULT_BITS"
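Review bot: `[ "$tst" == "$fqdn" ]` uses the bash-only `==` inside `[ ]`; use `=` so it works with the POSIX `test` builtin. More importantly, the comparison is against `$fqdn` as passed in, whereas the `univention-ldapsearch` line just above normalises it with `${fqdn%.}`, so a common name given with a trailing dot never matches the SAML server list and silently gets no SSO name in its SAN; compare `"$tst" = "${fqdn%.}"` (and strip a trailing dot from `$tst` the same way). Guard on `$ucs_server_sso_fqdn` being non-empty before appending, since an empty value only adds stray whitespace to the SAN list handed to `mk_config`, and declare `tst` local like the other variables in `gencert`. Because adding the SSO name as a SAN makes this host's certificate valid for the SSO hostname, a short comment stating that only hosts listed under the SAML IdP server keys receive it would document the trust decision for the next reader.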