Hey Yves, Please allow me to understand your question... When you say 'superuser'... where this user has super privilege? In your backend?

Sorry, for the too short description of my problem. not in the backend of gluu, in a connected application. if i login, the gluu server should notice a special attribut (f.e. superuser=1) after this i want to redirect to a custom page. at the page will be a list of all users of a usergroup. the superuser can login as one of this user (metadata change to another user). Use Case: there is a service partner - this partner will do something in the name of a user in the system (some of the users will pay for that service) - therefor i need a super user for this service partner.

Ok. Another question... what kind of SSO protocol you are going to use for this SP? SAML or OpenID Connect?

sorry for the late answer! we like to connect the SP with SAML (later other SP will be provided with openID). If you need more information please let me know! BR

For SAML SSO, you can create a custom attribute and release that to SP. As for example... custom attribute 'superuser'. Now ask SP to make this attribute as checklist from their side. You are going to release this attribute with it's value ( either 1 or 0 ) from IDP side and SP will do the rest.