By: Zach Tubb user 30 Oct 2017 at 4:04 p.m. CDT

3 Responses
Hello, we've integrated Gluu as a SAML provider for several COTS tools already and are now trying to integrate it with a custom node app but are running into an issue. The node app is using the [passport-saml](https://github.com/bergie/passport-saml) library. We see the users being authenticated with our custom script in oxauth_script.log. But we can see in the browser that Gluu is in a redirect loop or something to its oxauth REST URL.

I can see the following in our oxauth.log for one of the COTS tools we have (working normally):

```
2017-10-30 18:19:20,303 INFO [qtp2008017533-17] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:342) - Authentication success for User: 'Zachary Tubb'
2017-10-30 18:19:20,559 INFO [qtp2008017533-20] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:206) - Authentication success for Client: '@!52B7.C123.C61E.96EF!0001!AD2D.E031!0008!5481.5245'
```

But for the node app all I see logged is:

```
2017-10-30 18:38:39,831 INFO [qtp2008017533-19] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:342) - Authentication success for User: 'Zachary Tubb'
```

Here is our passport snippet within the node app:

```
const passport = require("passport");
const SamlStrategy = require("passport-saml").Strategy;

// xyz_cert is defined elsewhere in the app.
const ss = new SamlStrategy(
  {
    callbackUrl: "https://<node-url>/login/callback",
    entryPoint: "https://<gluu-url>/idp/profile/SAML2/Redirect/SSO",
    issuer: "UA-SAML",
    cert: xyz_cert
  },
  // Verify callback: pass the SAML profile through unchanged.
  function(profile, done) {
    return done(null, profile);
  });
passport.use(ss);
```

I believe our metadata is good - entity names match between SP and IdP. Are you aware of any issues with Gluu and passport-saml? Or can you think of any common misconfigurations that would prevent authentication from being performed?
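The log comparison in the post above can be automated. This is an added example, not code from the thread or from Gluu: it scans oxauth.log text for user authentication successes that have no client authentication success shortly afterwards. The function names, the 5-second pairing window, and the idea that a working login always shows both lines are assumptions drawn only from the two excerpts quoted in the post.

```javascript
// Sample lines in the format quoted in the post; the client ID is a constructed placeholder.
const SAMPLE_LOG = [
  "2017-10-30 18:19:20,303 INFO [qtp2008017533-17] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:342) - Authentication success for User: 'Zachary Tubb'",
  "2017-10-30 18:19:20,559 INFO [qtp2008017533-20] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:206) - Authentication success for Client: '<client-inum>'",
  "2017-10-30 18:38:39,831 INFO [qtp2008017533-19] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:342) - Authentication success for User: 'Zachary Tubb'",
].join("\n");

// Captures the timestamp parts, the event kind (User or Client) and the quoted name.
const LINE_RE =
  /^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}),(\d{3}) \S+ .*? - Authentication success for (User|Client): '([^']*)'/;

// Extract Authenticator success events, oldest first.
function parseAuthEvents(logText) {
  const events = [];
  for (const line of logText.split(/\r?\n/)) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip everything that is not a success line
    const [y, mo, d, h, mi, s, ms] = m.slice(1, 8).map(Number);
    // Timestamps are treated as UTC; only the differences between them matter here.
    events.push({ time: Date.UTC(y, mo - 1, d, h, mi, s, ms), kind: m[8], name: m[9] });
  }
  return events.sort((a, b) => a.time - b.time);
}

// Return user logins with no client authentication within windowMs after them.
// Assumption: in a working flow the client line follows the user line closely.
function findUnpairedUserLogins(logText, windowMs = 5000) {
  const events = parseAuthEvents(logText);
  const clients = events.filter((e) => e.kind === "Client");
  const used = new Set(); // each client event may satisfy only one user login
  const unpaired = [];
  for (const user of events.filter((e) => e.kind === "User")) {
    const idx = clients.findIndex(
      (c, i) => !used.has(i) && c.time >= user.time && c.time - user.time <= windowMs
    );
    if (idx === -1) unpaired.push(user);
    else used.add(idx);
  }
  return unpaired;
}

console.log(findUnpairedUserLogins(SAMPLE_LOG));
```

Run against a real oxauth.log, each entry returned marks a login where the second step never reached oxAuth, which narrows the search to what happens between the user authenticating and the client request.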

By Michael Schwartz Account Admin 30 Oct 2017 at 4:13 p.m. CDT

We're actually working on this right now, especially to enable support of multiple SAML IDPs. Perhaps BAH.com wants to purchase a support contract?

By Zach Tubb user 30 Oct 2017 at 4:23 p.m. CDT

We don't require multiple SAML IdPs. We want Gluu to be the sole SAML IdP - and that's working great for our COTS tools. We're just unsure why Gluu is failing to perform client authentication for the node app.

By Michael Schwartz Account Admin 30 Oct 2017 at 4:24 p.m. CDT

Ok, let us know what you find out.