
UMS Login Requirements

With UMS 12.08.100, the login process has changed, which entails new requirements for your environments.

Overview

The main benefits of the new login process are:

  • Increased security

  • Modernized and centralized login process for the UMS Web App and the UMS Console

  • Support of Cloud IdPs, like Microsoft Entra ID, Okta, or PingIdentity

The UMS login process uses the following protocols:

  • OAuth2

  • OpenID Connect

  • JWT

Browser Requirements

The login procedure requires a modern browser on the system. For a list of supported browsers, see Supported Environment IGEL UMS 12.08.100.

UMS Web Certificate

The UMS Web Certificate must contain all possible address formats that will be used for login in the UMS Console or UMS Web App. The following formats are possible:

  • FQDN

  • ShortName (hostname only)

  • IP address used to connect to the UMS Web App or the UMS Console

Reason: The login process executes a full SSL handshake and verifies that the presented certificate is issued for the requested FQDN or IP address.
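A pre-check for this requirement, added here as an example and not IGEL code: given the certificate's subject alternative names in the shape Python's `ssl.SSLSocket.getpeercert()` returns, it lists the login addresses the certificate does not cover. It assumes standard TLS host name matching (a wildcard covers exactly one label, an IP address must appear as an IP SAN); all host names and addresses are constructed.

```python
import ipaddress

def dns_matches(pattern: str, host: str) -> bool:
    """Match a DNS SAN against a host name; '*' covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a short name never matches an FQDN or wildcard entry
    if p[0] == "*":
        # Conservative choice: no wildcard directly under a top-level domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_addresses(san, login_addresses):
    """Return the login addresses that no SAN entry of the certificate covers.

    `san` uses the shape of ssl.SSLSocket.getpeercert()["subjectAltName"]:
    a sequence of (type, value) pairs with the types "DNS" and "IP Address".
    """
    dns_names = [v for t, v in san if t == "DNS"]
    ip_sans = {ipaddress.ip_address(v) for t, v in san if t == "IP Address"}
    missing = []
    for addr in login_addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is not None:
            # An IP literal must be listed as an IP SAN; a DNS SAN that
            # merely looks like the address does not count.
            covered = ip in ip_sans
        else:
            covered = any(dns_matches(n, addr) for n in dns_names)
        if not covered:
            missing.append(addr)
    return missing

# Constructed sample data (not taken from a real UMS installation).
SAMPLE_SAN = (("DNS", "ums01.example.com"), ("DNS", "*.example.com"),
              ("DNS", "192.0.2.10"), ("IP Address", "192.0.2.10"))
SAMPLE_LOGINS = ["ums01.example.com", "ums01", "192.0.2.10",
                 "192.0.2.11", "UMS02.example.com"]

if __name__ == "__main__":
    for addr in uncovered_addresses(SAMPLE_SAN, SAMPLE_LOGINS):
        print("not covered by the web certificate:", addr)
```

In the sample, the short name `ums01` is reported because neither the FQDN entry nor the wildcard covers a bare host name; it needs its own DNS SAN.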

UMS Server Public Address / Cluster Address

The public address of the UMS Server must be set correctly, in line with the UMS web certificate. For details, see Set the Correct Public Address and Public Web Port for each UMS server.

Reason: The authentication service of the UMS validates the redirect URI provided by the client (UMS Web App or UMS Console) against the registered values. From UMS 12.08.100 onward, the redirect URIs are derived from the UMS Server public address or the cluster address.

Logging in to the local machine as UMS superuser (with “localhost” as the server address) is always possible. This can help fix login issues.

From UMS 12.08.110, additional redirect URIs can be added in the UMS Web App.

Active Directory (AD) Users

An AD user must have a configured user name and password in the AD configuration to log in.

Reason: With the previous UMS version, the password of the login user was cached and used for refreshing the user data. Now, for security reasons, a valid AD user is required to refresh the user data. This user must have read access to user account details, group memberships, and other necessary AD data.

Known Issues in UMS 12.08.100

The issues listed here will be fixed with UMS 12.08.110.

  • Login to the UMS Web App fails if the UMS Server is not listening on the default port (8443)

  • UMS Console on some Linux machines: The browser does not redirect to the UMS Console after successful login if the required MIME type is not configured. This occurs when the desktop-file-utils package is not installed during UMS installation.

  • With UMS Console-only installations, login is not possible

  • WebDav file synchronization in Distributed UMS is not working

  • When a user is reassigned to a different group while logged in, the UI does not consistently reflect the change.

  • Using the UMS short name (hostname only) for login fails
