Unable to create saml-trustrelationships of type Federation/Aggregate

By: Tomas Liljebergh user 11 Mar 2022 at 3:26 a.m. CST

7 Responses
Tomas Liljebergh gravatar
We have been running gluu 4.1.1 for a few years and are now trying to install a new server running 4.3.1. In 4.1.1 we was able to add trusts for our federations using the form in gluu, SAML-Trust Relationships-Add Relationships and in that form select Entity-type Federation/aggregation. Configuring it works fine but after update and activate it shows up as a SERVICE_PROVIDER in the list of trusts when it should be a FEDERATION. This works well in 4.1.1. With this problem we cant add all SP that are using our federation. Opening the trust in the gui we can see that it is configured as a Federation. If i try to add a SP in the federation and select single-sp -Federation there is no federation to select from. Metadata for the federation is downloaded as it should. Any idea?
Gluu 4.3 Ubuntu 20.04
closed

Answers

By Aliaksandr Samuseu staff 11 Mar 2022 at 4:36 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Tomas. Could you share the metadata in question (or let us know how to acquire it), as well as screenshot of the this TR's configuration page so we could see the settings you choose for it?

By Tomas Liljebergh user 11 Mar 2022 at 4:51 a.m. CST

Copy
Tomas Liljebergh gravatar
You can find the metadata at: https://mds.swamid.se/md/swamid-sp-transative.xml That is the URI we are using in our 4.1.1 installation and there it works well with thousends of succeded logins everyday. I have shared 2 pictures with you showing the pages in the GUI. https://cloud.oru.se/s/QYBdo2Z2rwWmRYn https://cloud.oru.se/s/5B2DjLaMxdZp5n9 Regards Tomas

By Tomas Liljebergh user 17 Mar 2022 at 4:31 a.m. CDT

Copy
Tomas Liljebergh gravatar
Any news about this? We are stuck in our upgrading /Tomas

By Tomas Liljebergh user 21 Mar 2022 at 4:40 a.m. CDT

Copy
Tomas Liljebergh gravatar
Hello again! After analyzing what actually happens in Gluu when configuring a federation we realized that when saving the trust Gluu doesnt set the attribute in ldap that shows that the trust is a federation. When we altered this using an ldap-browser the federation works. We have tested this on 2 instances of 4.3.1 and both have the same error. Guess there is an error in the gluu-code for this. At least we could make a workaround and go on with our project /Tomas

By Mohib Zico Account Admin 22 Mar 2022 at 1:08 p.m. CDT

Copy
Mohib Zico gravatar
@Mohit.Mali: can we do a quick QA on this?

By Mohit Mali staff 28 Mar 2022 at 5:33 a.m. CDT

Copy
Mohit Mali gravatar
@Mohib.Zico ok i"ll check.

By Mohit Mali staff 01 Apr 2022 at 1:02 a.m. CDT

Copy
Mohit Mali gravatar
Hi Tomas Liljebergh, I tried to replicate the issue and i faced no such problem on creating Federation/Aggregate Trust relationship in my environment. > You can find the metadata at: https://mds.swamid.se/md/swamid-sp-transative.xml That is the URI we are using in our 4.1.1 installation and there it works well with thousends of succeded logins everyday. > i tried your metadata url as well to create trust relationship, which led to incative trust relationship. as suggestion please try a different metadata url to add a trust relationship and inform us if you get the same result. Thanks and regards Mohit Mali.

Post an answer