By: Rex Shen user 24 Mar 2019 at 9:39 a.m. CDT

6 Responses
Hi admin, I am a junior in IT. Now I have a Gluu server and a G Suite admin account. I want to make the Gluu server a centralized identity provider for my internal servers, where I ask the Gluu server and Gluu asks Google. It's just like...

```
internal server1 --------->
internal server2 --------> gluu ------------> google
internal server3 -------->
```

After I read those tutorials,

https://gluu.org/docs/ce/3.1.5/authn-guide/inbound-saml-passport/
https://gluu.org/docs/ce/3.1.5/admin-guide/saml/#create-a-trust-relationship-in-the-gluu-server

as I know, it is like...

```
internal servers ------------------ gluu ------------------ google
SP (Websews), IDP (Gluu Server)
```

If I was wrong, please help me and give me some tips.

I followed this tutorial https://gluu.org/docs/ce/authn-guide/inbound-saml-passport/, and I have passport-saml-config.json. But I just don't know how to register the SP at the external IDP, so I found this tutorial by Google: https://community.canvaslms.com/docs/DOC-8667-google-authentication-as-saml-idp

And I changed gluu > canvas, but at no. 9,

9. Service Provider Details:

I don't know how to fill in the SP's ACS URL, Entity ID, and Start URL. Please help me to solve the problems. Sorry for my bad English......

By Michael Schwartz Account Admin 24 Mar 2019 at 6:24 p.m. CDT

You should be looking at the inbound [identity section of the docs](https://gluu.org/docs/ce/3.1.5/authn-guide/passport/)

By Aliaksandr Samuseu staff 25 Mar 2019 at 11:12 a.m. CDT

Hi, Rex. In addition to the doc page shared by Michael, you may want to check [this one](https://gluu.org/docs/ce/3.1.5/tutorials/passport-inbound-flow/); it provides step-by-step instructions on how to set up a basic test environment for the Passport-SAML flow.

By Rex Shen user 26 Mar 2019 at 5:29 a.m. CDT

Thank you for your kind assistance. I followed the tutorial https://gluu.org/docs/ce/3.1.5/authn-guide/passport/. After using External Providers: google, I got "An error occurred".

My /opt/gluu/jetty/oxauth/logs/oxauth_script.log is as below:

```
2019-03-26 10:12:13,057 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep called 1
2019-03-26 10:12:13,059 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. parseProviderConfigs. Adding social providers
2019-03-26 10:12:13,063 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep. A page to manually select an identity provider will be shown
2019-03-26 10:12:13,063 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called
2019-03-26 10:12:16,198 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. authenticate called 1
2019-03-26 10:12:16,199 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. authenticate for step 1. Retrying step 1
2019-03-26 10:12:16,200 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called
2019-03-26 10:12:16,200 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getCountAuthenticationSteps called
2019-03-26 10:12:16,201 INFO [qtp804611486-11] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called
2019-03-26 10:12:16,348 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep called 1
2019-03-26 10:12:16,348 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. parseProviderConfigs. Adding social providers
2019-03-26 10:12:16,355 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Obtaining token from passport at https://gluu.example.com.tw/passport/token
2019-03-26 10:12:16,408 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getPassportRedirectUrl. Response was 200
2019-03-26 10:12:16,410 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called
2019-03-26 10:12:16,950 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep called 1
2019-03-26 10:12:16,951 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. parseProviderConfigs. Adding social providers
2019-03-26 10:12:16,952 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. prepareForStep. A page to manually select an identity provider will be shown
2019-03-26 10:12:16,953 INFO [qtp804611486-13] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getExtraParametersForStep called
```

My /opt/gluu/node/passport/server/logs/passport.log is as below:

```
2019-03-26T10:17:17+0000 [INFO] reloadConfiguration. Passport strategies have been parsed
2019-03-26T10:17:17+0000 [INFO] /opt/gluu/node/passport/server/idp-metadata/your_idp_name1.xml saved successfully
2019-03-26T10:17:17+0000 [INFO] /opt/gluu/node/passport/server/idp-metadata/your_idp_name2.xml saved successfully
```

So... does that mean that if I want to log in to Gluu with Google, I should change "your_idp_name1.xml"?

By Michael Schwartz Account Admin 26 Mar 2019 at 5:36 a.m. CDT

Unfortunately, interception script support is outside the scope of community support.

By Rex Shen user 26 Mar 2019 at 7:52 a.m. CDT

Oh, ok... Still thank you for your prompt reply.

By Mohammad Abudayyeh staff 29 Mar 2019 at 2:30 a.m. CDT

Feel free to contact us regarding this issue if you wish to upgrade your support plan.