Got it. I re-read your earlier reply, and think I was a bit confused.
The first part sounds like a standard SSO transaction: user attempts to access your protected app, gets redirected to Gluu for authentication, passes, and gets redirected back to the protected content.
So you should start by getting that working.
You need to secure the target app with OpenID Connect or SAML so it can leverage Gluu for authentication.
Have you read the [integration guide](https://gluu.org/docs/ce/integration/) ?
In any standard SSO workflow, a user record is created in the target app, just sans password.