SP and IDP Integration

By: prerna arote user 28 Dec 2015 at 4:19 a.m. CST

9 Responses
prerna arote gravatar
Hi, I wanted to use mini orange saml 2.0 plugin (not premium) of wordpress with gluu for SSO. It is asking me to fill few attributes like, Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate. Can I use it for SSO?
None
closed

Answers

By Mohib Zico Account Admin 28 Dec 2015 at 4:48 a.m. CST

Copy
Mohib Zico gravatar
>> It is asking me to fill few attributes like, Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate. All these information are available in your Gluu Server SAML Metadata ( https://<hostname>/idp/shibboleth )

By prerna arote user 28 Dec 2015 at 5 a.m. CST

Copy
prerna arote gravatar
Hi, Yes. Thanks. This I got it. But, using this when I am creating trust relationship inside gluu, I dont have metadata of SP. But I know few attributes like, SP-EntityID / Issuer, ACS (AssertionConsumerService) URL, Audience URI, NameID format, Recipient URL, Destination URL. Which option should I select in metadata type (URI/file/generation/federation)?? URI is not working. Metadata says, validation log error: 2015-12-24 10:08:18 : ERROR : cvc-elt.1.a: Cannot find the declaration of element 'w:wordDocument'. This error because, I dont have metadata file. What is the solution to this?

By Mohib Zico Account Admin 28 Dec 2015 at 6:54 a.m. CST

Copy
Mohib Zico gravatar
You can write SP metadata by yourself if it's not available. This is really weird that SP do not supply metadata. My suggestion would be to move for Shibboleth SP configuration in your website. This is pretty easy and metadata generation is automatic as well. [Here](http://www.gluu.org/docs/articles/ubuntu-shib-apache/ ) is a quick doc on how to install Shibboleth SP. >> Which option should I select in metadata type (URI/file/generation/federation)?? Doc has description on this: http://www.gluu.org/docs/admin-guide/saml/outbound-saml/#saml-trust-relationship

By Michael Schwartz Account Admin 28 Dec 2015 at 10:44 a.m. CST

Copy
Michael Schwartz gravatar
Gluu is working on a Wordress plugin, which requires the oxd server (client) to be running on your wordpress web server. For more info, check out these instructions: [https://github.com/GluuFederation/gluu-wordpress-oxd-login-plugin](https://github.com/GluuFederation/gluu-wordpress-oxd-login-plugin) Its not quite done yet, but it may be a better option than SAML for wordpress when its done.

By prerna arote user 28 Dec 2015 at 11:52 p.m. CST

Copy
prerna arote gravatar
Thank You Mohib and Michael. Can I do with Moodle, there is Shibboleth configuration option? Kindly, let me know, moodle and gluu is possible or not for SSO using shibboleth. There is also CAS (SSO) option but as it is older protocol, i think we should prefer Shibboleth.

By Mohib Zico Account Admin 28 Dec 2015 at 11:57 p.m. CST

Copy
Mohib Zico gravatar
Moodle has a pretty straight forward procedure available for Shibboleth connectivity. It shouldn't be complex.

By prerna arote user 29 Dec 2015 at 12:20 a.m. CST

Copy
prerna arote gravatar
Will it work for single sign on? Steps will be: 1.Configure manage auth->shibboleth in moodle 2.Install Shibboleth on gluu IDP 3.Add trust relationship in gluu Do i need to do more?

By Mohib Zico Account Admin 29 Dec 2015 at 12:23 a.m. CST

Copy
Mohib Zico gravatar
It should. I know our customers integrated it.

By prerna arote user 29 Dec 2015 at 12:26 a.m. CST

Copy
prerna arote gravatar
Thank You.

Post an answer