By: Timothy Millett user 30 Jan 2019 at 12:51 a.m. CST

6 Responses
I am trying to run the demo app as described here (https://www.gluu.org/docs/ce/authn-guide/inbound-saml-passport/). My Gluu server is up and running and I am running the demo app locally on my MacBook, and when I try to click on one of the IDP buttons I get the following:

```
HTTP ERROR 404
Problem accessing /oxauth/authorize. Reason:
    Not Found
Powered by Jetty:// 9.4.12.v20180830
```

I am authenticating against my Gluu server, I can login with any user via the `https://gluu.myserver.net/oxauth/login.htm` and I am also using that as my entry point in the `passport-saml-config.json`. Did I miss anything?

By Michael Schwartz staff 30 Jan 2019 at 1:53 a.m. CST

You are using a real DNS name for your Gluu Server? Can you perhaps add a host entry for your demo app in the hosts file on the server? Did you check the Apache logs?

By Jose Gonzalez staff 30 Jan 2019 at 8:33 a.m. CST

Hi Timothy,

We renamed the `/oxauth/authorize` endpoint recently but the demo source code wasn't adjusted to conform. I applied the fix. Please clone this repo again https://github.com/GluuFederation/Inbound-SAML-Demo or manually apply [this](https://github.com/GluuFederation/Inbound-SAML-Demo/commit/4077599b80ab6f1704dcbabd5bad76f8877829e4) change.

By Timothy Millett user 30 Jan 2019 at 10:45 a.m. CST

Thanks Jose, that was it. Another quick question, how do I get the email to show, or better yet, login with the email address instead of the username?

By Aliaksandr Samuseu staff 30 Jan 2019 at 12:35 p.m. CST

Hi, Timothy.

> how do I get the email to show, or better yet, login with the email address instead of the username?

Could you elaborate? Where do you need it to be shown?

Just to clarify things, Passport-SAML authentication is a different process from the "Gluu server <-> Test app" part of the flow. There is sort of a layer of abstraction between those. So if you need the test app to provide a different output, you just need to modify [its source code](https://github.com/GluuFederation/Inbound-SAML-Demo/blob/master/server.js) accordingly (which is out of scope of Community support). The app already requests "email" scope from Gluu Server, so it should have the user's email at its disposal.

By Michael Schwartz staff 30 Jan 2019 at 12:48 p.m. CST

For password authentication, see [https://gluu.org/docs/ce/3.1.5/admin-guide/oxtrust-ui/#manage-ldap-authentication](https://gluu.org/docs/ce/3.1.5/admin-guide/oxtrust-ui/#manage-ldap-authentication) And set `Primary Key` to `mail` (i.e. ldap name of email attribute).

By Timothy Millett user 30 Jan 2019 at 1:21 p.m. CST

Thanks Mike. I can login with email now.

Jose, I connected 2 remote active directories and I was logging in with the username, but wanted to use the email address instead. But email was the most important, so that way we can apply the appropriate redirect page. I think I have enough to roll on from here. Will come back if I get stuck again.

Thanks.