By: Jerry Brower Account Admin 22 Nov 2022 at 2:03 p.m. CST

4 Responses
Jerry Brower gravatar
We want to move away from PingOne Enterprise (way overkill for our needs) to Gluu, but our users have grown to like the Dock feature: https://docs.pingidentity.com/bundle/pingoneforenterprise/page/lwn1564020485027.html This dock is logged in using SSO, then has all the cloud services that their login is eligible for are displayed in this dock, where the user can click on and not be prompted again for credentials. Is there something already like this for Gluu or may I request it if not.

By Aliaksandr Samuseu staff 22 Nov 2022 at 2:35 p.m. CST

Aliaksandr Samuseu gravatar
Hi, Jerry. By the look of it, it seems close to what section "Initiating Login from a Third Party" of [OIDC core spec](https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin) describes. And what is known as "IDP-initiated SSO" in SAML world. Usage of both isn't considered a good practice, yet some vendors decide to go in this direction anyway. Gluu Server already allows user to be authenticated just once, and then be able to access the rest of their services without providing credentials again. They just need to access the site they need first, using the usual navigation practices (like browser bookmarks). Gluu Server supports both the OIDC and SAML way of initiating authentication flow from OP/IDP, but there is no web UI like the one described in the article you referenced. To start a flow like this, an uri of specific format needs to be manually crafted. So, in a nutshell, there is nothing like that, but if it's really needed, you could develop an auxiliary web app that would display all services supported by your organization, and upon user clicking on an icon would just redirect them to a certain uri pointing to your Gluu Server where authentication will happen, if needed. In such simple form the list of apps won't be personalized. If this is also a requirement, then auxiliary web app could first authenticate the user itself, then use SCIM to fetch a list of apps they have registered from Gluu Server - and then allow them to select one. Hope this helps.

By Jerry Brower Account Admin 22 Nov 2022 at 6:20 p.m. CST

Jerry Brower gravatar
OK, I was hoping that someone maybe already invented this for Gluu, since it is super convenient, but maybe added to a feature list then?

By Aliaksandr Samuseu staff 30 Nov 2022 at 2:55 p.m. CST

Aliaksandr Samuseu gravatar
Hi, Jerry. I mentioned this suggestion in an internal chat, and it turns out there is no plans for implementing it as OOTB feature in foreseeable future. We have [partners](https://gluu.org/service-partners/) which could probably assist you with implementing it, as an option. I was told that @Davin.Cooke was planning to introduce you guys to one of them, I'll ask him to share his thoughts.

By Aliaksandr Samuseu staff 30 Nov 2022 at 3:24 p.m. CST

Aliaksandr Samuseu gravatar
Davin has let me know he already suggested you some partner via email - hopefully you got it. I'll be closing the ticket, feel free to open another one in case of further questions.