By: Rami Almarzooq user 09 Oct 2018 at 6:23 a.m. CDT

7 Responses
Rami Almarzooq gravatar
Hi, I really got lost in the default authentication method, whatever I do I see that oxTrust acr is overwriting the default acr. I want my admin login to remain basic and others to login using supergluu. Is it a bug or am I missing something?

By Thomas Gasmyr Mougang staff 09 Oct 2018 at 6:29 a.m. CDT

Thomas Gasmyr Mougang gravatar
Can you provide more information about you have been doing and what you are trying to do. I can help unless i have enough information.

By Rami Almarzooq user 09 Oct 2018 at 7:55 a.m. CDT

Rami Almarzooq gravatar
I have deployed Gluu server recently to study it for our enterprise single sign on authentication. So far so good in installation, but now I want the admin login is to login with basic login "username and password" and other users to login through super_gluu Let me get this clear: [default auth](https://imgur.com/xfTY8DV) As shown up in the screenshot, the oxTrust value override the default acr value that will leave one option to sign in through the web portal. I need two access methods. One for admin which is the basic method and the other for users which is the super_gluu script.

By Thomas Gasmyr Mougang staff 11 Oct 2018 at 2:43 a.m. CDT

Thomas Gasmyr Mougang gravatar
Hi Rami, You can create an OpenID connect client for non admin users and set his default acr to **super_gluu**.

By Master Kumar user 12 Oct 2018 at 7:30 a.m. CDT

Master Kumar gravatar
Hi Thomas, How do we tell the new OpenID Connect Client is for non-admin users? Also as we need to set the default acr value to super_gluu then super_gluu script should also be enabled?

By Thomas Gasmyr Mougang staff 16 Oct 2018 at 7:07 a.m. CDT

Thomas Gasmyr Mougang gravatar
> How do we tell the new OpenID Connect Client is for non-admin users? You can use the OpenID conect client field named **Default ACR** to set which authentication script a specific client will use. > Also as we need to set the default acr value to super_gluu then super_gluu script should also be enabled? Just enable **super_gluu** script under **Manage Custom scripts**. Don't set it as default authentication method.

By Master Kumar user 16 Oct 2018 at 8:37 p.m. CDT

Master Kumar gravatar
Hi Thomas, on setting the default acr value in the OpenID Connect client screen as you said will tell which authentication script the client should use. But when we login to gluu server(https://mygluserv.com) using the admin or other user it will still use the same client id for both right? If yes in that case how to handle it. If an application is using the gluu api's then the authentication method based on the acr value set in the OpenID Client details the respective authentication script will be invoked as client id is passed in the request. Can please let me know on the above, and how to proceed.

By Thomas Gasmyr Mougang staff 24 Oct 2018 at 2:23 a.m. CDT

Thomas Gasmyr Mougang gravatar
Gluu use acr pass to authentication request to determine which script to use for authentication. So you can create an OIDC client with differents acrs. After that it's up to you to implement the logic on then SP to send authentication with specific acr.