By: prerna arote user 14 Dec 2015 at 12:16 a.m. CST

5 Responses
I want Gluu as the IDP, which will connect to an SP (web service). I have a CAS SSO option in that web service. I wanted to configure this CAS SSO. It asks for: hostname, Base URI, port, protocol version, proxy mode, CAS logout option, etc. For this, what shall I modify in Gluu (IDP)? Basically, I would like to perform SSO using CAS.

By Mohib Zico staff 14 Dec 2015 at 12:45 a.m. CST

First suggestion... better not to use CAS if you can. It's an old SSO protocol. IDP-SP connectivity can be achieved with SAML or OpenID Connect. Second, we are giving CAS support to a few customers right now; there is no doc in the public forum. Maybe we will include this doc in the future on how to use the CAS feature of Gluu Server.

By prerna arote user 14 Dec 2015 at 1:39 a.m. CST

Okay. Can I use the Shibboleth service of my SP for IDP-SP connectivity? The purpose will be SSO.

By Mohib Zico staff 14 Dec 2015 at 2:35 a.m. CST

Yes. We have a fantastic [Getting Started](http://www.gluu.org/docs/admin-guide/getting-started/) guide; please take a look at the 'Single Sign On' section.

By prerna arote user 14 Dec 2015 at 5:27 a.m. CST

So, if I go for Shibboleth, then:

1) I am supposed to fill Shibboleth info into the SP.
2) Create a trust relationship in Gluu (SAML -> Add trust relationship)
3) Update
4) Try to log in through the SP

What else is required?

By Aliaksandr Samuseu staff 15 Dec 2015 at 9 a.m. CST

Hi, Prerna.

In a nutshell, you need to establish mutual trust between your SAML SP (located where your web service is) and SAML IdP (your Gluu instance). That is done by exchanging so-called SAML metadata. In Gluu it's done by creating a Trust Relationship, that's correct; you can access Gluu's SAML metadata at a URL like [https://your.gluu.server.host.name/idp/shibboleth](https://your.gluu.server.host.name/idp/shibboleth)

Regarding how to do it in your SP: that depends, as there are a lot of different software packages and SaaS services that can serve as one. The guide Zico mentioned shows how to do that in case your web service is protected by Shibboleth, a popular open-source implementation of SAML SP. You will need to consult the documentation of the actual software package you are using.

After you are done with metadata, you need to decide which attributes your SP needs to handle SSO. It may be that you'll need to create custom attributes at the Gluu IdP to serve its needs, but Gluu already has a nice selection of ready-to-use attributes out of the box.

Regards, Alex.