By: Mirko Teodorovic user 31 Mar 2019 at 8:53 a.m. CDT

8 Responses
Mirko Teodorovic gravatar
What is possible within the interception script? Whould it be possible that for example from registration script I call some 3rd party user endpoint for creating account so that way I can have user with same username in some 3rd party system.

By Mohammad Abudayyeh staff 31 Mar 2019 at 9:48 a.m. CDT

Mohammad Abudayyeh gravatar
Hi Mirko, Please take a deeper look at our [docs]( to get a better understanding.

By Mirko Teodorovic user 31 Mar 2019 at 4:30 p.m. CDT

Mirko Teodorovic gravatar
maybe I've should mention that that 3rd party system is something that I need to integrate into my system and that it only has a native authentication. so idea is to use gluu for authentication using for example openidconnect. when I create user in gluu I want o create user in that 3rd party system. then I would use kong and openid connect plugin, all requests to that 3rd party system would go through the kong which will do the openidconnect authentication with gluu and the forward requests to that 3rd party system with user info ( previously created in registration ) in the header.

By William Lowe staff 31 Mar 2019 at 7:41 p.m. CDT

William Lowe gravatar
Sounds pretty complicated.. I would start with small steps. If you need to support authentication at an external provider, follow our [inbound identity docs]( > ..normalizes the process of supporting user authentication at external identity providers and offers a standard mapping for user claims and user registration in your Gluu Server. It sounds like that would be a good place to get started. Thanks, Will

By Mirko Teodorovic user 01 Apr 2019 at 6 a.m. CDT

Mirko Teodorovic gravatar
If I understand these docs correctly all these inbound identities are oauth2 capable while my service doesnt support oauth2 and I need to enable sso for it. Or you are suggesting that I should make additional strategy for passport to support my service?

By William Lowe staff 01 Apr 2019 at 6:09 a.m. CDT

William Lowe gravatar
Got it. I re-read your earlier reply, and think I was a bit confused. The first part sounds like a standard SSO transaction: user attempts to access your protected app, gets redirected to Gluu for authentication, passes, and gets redirected back to the protected content. So you should start by getting that working. You need to secure the target app with OpenID Connect or SAML so it can leverage Gluu for authentication. Have you read the [integration guide]( ? In any standard SSO workflow, a user record is created in the target app, just sans password.

By Mirko Teodorovic user 04 Apr 2019 at 4:52 a.m. CDT

Mirko Teodorovic gravatar
Hi, thanks for your support I understand that I need to secure target app with openid connect or saml I wanted to user openidconnect My idea was to use kong with lua openidconnect plugin when user tries to access my service kong will intercept and start the authentication process, when succesfull it sends x-user-info header to the service, so I would have to adjust my service to user this headear for authorizaiton. x-user-info would have user name of the existing user in my service. Now the reason why I was asking for the interception script features is that I wanted to make sure that when I create user in gluu automatically I create user in my service

By William Lowe staff 04 Apr 2019 at 6:13 a.m. CDT

William Lowe gravatar
Adding the user to the target app db is outside the scope of what interception scripts do. Interception scripts customize Gluu behavior, and have no control over relying applications. When the user authenticates at Gluu, Gluu releases information to the target app. What the target app decides to do with the information obtained from Gluu is totally up to the application.

By Mirko Teodorovic user 05 Apr 2019 at 10:24 a.m. CDT

Mirko Teodorovic gravatar