By: prerna arote user 14 Dec 2015 at 12:16 a.m. CST

5 Responses
prerna arote gravatar
I want gluu as IDP who will connect to SP (web service). I have CAS SSO option in that web service. I wanted to configure this CAS SSO. It asks: hostname, Base URI, port, protocol version, proxy mode, CAS logout option etc.. For this, what shall I modify in gluu (idp)?? Basically, I would like to perform SSO using CAS.

By Mohib Zico staff 14 Dec 2015 at 12:45 a.m. CST

Mohib Zico gravatar
First suggestion... better not use CAS if you can. It's an old SSO protocol. IDP-SP connectivity can be achieved with SAML or OpenID-Connect. Second, we are giving CAS support for few customers right now; there is no doc in public forum. May be we will include this doc in future on how to use CAS feature of Gluu Server.

By prerna arote user 14 Dec 2015 at 1:39 a.m. CST

prerna arote gravatar
Okay. Can I use shibboleth service of my SP for IDP-SP connectivity? Purpose will be SSO.

By Mohib Zico staff 14 Dec 2015 at 2:35 a.m. CST

Mohib Zico gravatar
Yes. We have a fantastic [Getting Started]( guide, please take a look at 'Single Sign On' section.

By prerna arote user 14 Dec 2015 at 5:27 a.m. CST

prerna arote gravatar
so, if I go for shibboleth then 1) I am supposed to fill shibboleth info into SP. 2) Create trust relationship in gluu (SAML-> Add trust relationship) 3) Update 4) try to login through SP What else is required?

By Aliaksandr Samuseu staff 15 Dec 2015 at 9 a.m. CST

Aliaksandr Samuseu gravatar
Hi, Prerna. In a nutshell, you need to establish a mutual trust between your SAML SP (located where your web service is) and SAML IdP (your Gluu instance). That is done through exchanging of so-called SAML metadata. In Gluu it's done by creating of Trust Relationship, that's correct; you can access Gluu's SAML metadata by url like []( Regarding how to do it in your SP - that depends, as there are a lot of different software packages and SAAS services that can serve as one. The guide Zico mentioned shows how to do that in case your web service is protected by Shibboleth, a popular open-source implementation of SAML SP. You will need to consult documentation of actual software package you are using. After you are done with metadata, you need to decide which attributes your SP needs to handle SSO. It may be that you'll need to create custom attributes at Gluu IdP to serve its needs, but Gluu already have a nice selection of ready-to-use attributes out of the box. Regards, Alex.