By: Ice Carev user 09 Aug 2017 at 2:53 p.m. CDT

7 Responses
Hello,

I would like to accomplish the following:

- I have an Estonian ID Card which holds a certificate. I would like to log in to an installation of the Gluu Server, be asked for my username and password, and after that be redirected to Office 365.

Any ideas as to how I can accomplish this?

Regards, Ice.

By William Lowe user 09 Aug 2017 at 2:58 p.m. CDT

Yes, cool project! You would use custom authentication scripts to make this work. [Learn more here](https://gluu.org/docs/ce/3.0.2/authn-guide/intro/). We have an existing script to implement certificate authentication. [Learn more here](https://gluu.org/docs/ce/3.0.2/authn-guide/cert-auth/). The part that people typically miss when setting up cert authentication is that the Apache server is actually doing the cert authentication, so you have to set up the Apache web server to support mutual TLS authentication. Hope that helps!

By Ice Carev user 09 Aug 2017 at 3:36 p.m. CDT

Hello William Lowe, thanks for the quick response. Could you explain your idea a bit more? Perhaps some links where something similar has been done?

Question:

- Would I have to add the user's cert to the chained certs to make this work?

Also, what modifications have to be made to the Apache server to enable this functionality, at least to be able to authenticate with the ID card and then redirect to some other REST API (doesn't need to be Office 365 since I saw in this link [Office 365](https://gluu.org/docs/ce/integration/saas/office/) and it is for now a bit complex for me to implement, especially since I don't have the first authentication with the ID card working yet)?

Sorry for all the questions, but I am new to the Gluu community and am also trying to learn/implement for my use case.

Thanks in advance, Ice.

By William Lowe user 09 Aug 2017 at 5:42 p.m. CDT

To implement certificate authentication at the Gluu Server, you would use the certificate authentication interception script I linked to above. You would add the script in oxTrust, enable it, and then could make it the default authentication mechanism if needed.

> Would I have to add the user's cert to the chained certs to make this work ?

Yes.

> Also what modification have to be made to the Apache server to enable this functionality, at least to be able to authenticate with the ID card and then redirect to some other REST API

I'm not totally sure. I think you will need to do some research about managing Apache and setting up TLS.
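The Apache side of the mutual TLS setup discussed in the replies above, as an added example that is not part of the thread and not Gluu's own configuration. The host name, file paths, the `/cert-login` location and the `X-ClientCert` header name are placeholders, and handing the verified certificate to the application in a request header is an assumption about how the application consumes it.

```apache
# Added illustration. Requires mod_ssl and mod_headers.
# All names and paths below are placeholders (assumptions).
<VirtualHost *:443>
    ServerName idp.example.org

    SSLEngine on
    SSLCertificateFile    /etc/certs/httpd.crt
    SSLCertificateKeyFile /etc/certs/httpd.key

    # Trust bundle (PEM) that client certificates are validated against,
    # i.e. the certificate chain behind the smart card certificates.
    SSLCACertificateFile  /etc/certs/client-ca-chain.pem

    # Maximum number of intermediate CAs accepted between the client
    # certificate and a trusted certificate in the bundle.
    SSLVerifyDepth 3

    # Check revocation status via OCSP during client certificate validation.
    SSLOCSPEnable on

    # No client certificate is requested for the rest of the site.
    SSLVerifyClient none

    # Drop any copy of the header sent by the client, so the application
    # only ever sees a value that Apache set after verifying the handshake.
    RequestHeader unset X-ClientCert

    # Only this location demands a client certificate. Per-location
    # verification needs TLS renegotiation (TLS 1.2) or post-handshake
    # authentication (TLS 1.3); if the clients do not support that, move
    # "SSLVerifyClient require" up to the virtual-host level instead.
    <Location "/cert-login">
        SSLVerifyClient require

        # Export the verified certificate (PEM) as SSL_CLIENT_CERT ...
        SSLOptions +ExportCertData

        # ... and pass it on to the application handling this location.
        RequestHeader set X-ClientCert "%{SSL_CLIENT_CERT}s"
    </Location>
</VirtualHost>
```

With `SSLVerifyClient require`, a request to the location without a certificate that validates against the trust bundle fails at the TLS layer and never reaches the application.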

By Mohib Zico Account Admin 16 Aug 2017 at 6:13 a.m. CDT

Hello Ice, How is it going? Any luck?

By Ice Carev user 16 Aug 2017 at 6:17 a.m. CDT

Hello Zico, I managed to use the smart card to authenticate to the login screen of Gluu, but I am having some issues configuring Gluu to use my card as authentication and then redirect to Office365. I am looking at this guide [here](https://gluu.org/docs/ce/integration/saas/office/), but even if I manage to get SSO with Shibboleth I will still have to figure out how to connect the Smart Card authentication with the Shibboleth SSO. Any ideas?

By Mohib Zico Account Admin 16 Aug 2017 at 6:23 a.m. CDT

Ok... there are two boundaries here from our side.

- We do not have your smart card to check.
- Personally my trial license for O365 is expired.

From your situation what I can understand... you actually configured using your SmartCard for authenticating Gluu Server. The rest of the situation is pure SAML configuration between Gluu Server and O365.

Here is what I can suggest:

- Try to complete and configure SSO between Gluu Server and O365 without your smart card.
- If you achieve success in the above case, add your smart card in the flow.
- Compare logs and configuration between the above two steps; you should see the differences.

By William Lowe user 23 Aug 2017 at 8:49 a.m. CDT

Ice,

One of our partners, [Nixu](https://www.nixu.com/), has implemented this solution for another one of their customers. If you have any budget for professional services, they may be able to help you.

I'm going to close out this ticket for now. If you are able to implement a solution we would be very interested to see and share your implementation on our docs site.

Thanks in advance, Will