By: Stroe Marian user 26 Mar 2020 at 6:11 a.m. CDT

18 Responses
Fresh install of 4.1.0 (with repo), with Shibboleth.
1. Chrome won't accept the self-signed certificate.
2. It works only in IE.
3. New trust relationship with samltest.id: metadata is OK, but status is not verified. Samltest with "test your idp" is not working (Bad Request Your browser sent a request that this server could not understand.)
4. I tried a workaround because of https://github.com/GluuFederation/oxTrust/issues/1928, but after that my metadata is gone (error 503), and the idp service won't restart, even after rebooting the server, with an error on idp.war.
5. Did I miss some steps?

By Stroe Marian user 28 Mar 2020 at 3:53 a.m. CDT

Fresh install of 4.0 with Shibboleth. New trust relationship with samltest.id: metadata is OK, but status is not verified. Samltest with "test your idp" is not working (Web Login Service - Unsupported Request The application you have accessed is not registered for use with this service.), but compared to version 4.1, it reaches the login page... RP is configured (all), added Username and TransientID. So... with 4.0 or 4.1, I can't verify the TR, so no Shibboleth. I don't think I made the same mistake on setup (or maybe?)

By Stroe Marian user 28 Mar 2020 at 9:17 a.m. CDT

And in 4.0 I can't add another TR, not even edit or delete the existing one (samltest.id)... Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST /identity/trustmanager/addTrustRelationship.htm. Reason: Error reading from remote server

By Stroe Marian user 28 Mar 2020 at 10:15 a.m. CDT

Not even in nightly build 4.1.039 does the validation of the TR work; same: no delete or edit of the single added TR, no login page on test IdP....

By Stroe Marian user 30 Mar 2020 at 1:46 a.m. CDT

OK, back to v 4.1 with the workaround for identity war: my IdP metadata is OK, TR is validated (samltest.id), but my login page does not work; testing with samltest I obtain error 400 Bad Request Your browser sent a request that this server could not understand. And I can't add another TR or even edit the existing one... 502. That's an error. The server encountered a temporary error and could not complete your request. Please try later again. Some interest in this ticket, please?

By Mohit Mali staff 30 Mar 2020 at 3:14 a.m. CDT

Hi Stroe Marian, Thanks for reaching out to Gluu support. Can you please send me the steps you are following to set up the TR? Can you please do the following:
1) Go to https://sptest.iamshowcase.com/
2) Navigate to instruction --> IdP initiated SSO.
3) Download the metadata XML.
4) Log in to the Gluu server.
5) Add a trust relationship with the downloaded metadata.
6) Configure nameid (if required).
7) Go back to https://sptest.iamshowcase.com/
8) Place the content of https://yourgluuserver/idp/shibboleth.
9) On completion you will get the link to test SSO.
10) Test the SSO flow.
Thanks and Regards, Mohit Mali

By Stroe Marian user 30 Mar 2020 at 3:22 a.m. CDT

I can't add another TR (if you read all my comments)...... nor edit or delete the single existing one (samltest.id). The steps are from https://gluu.org/docs/ce/4.0/integration/saas/saml_test_id/

By Mohit Mali staff 30 Mar 2020 at 3:31 a.m. CDT

Hi Stroe, that's really strange. Can you do a fresh installation or provide me logs to check? Thanks and regards, Mohit Mali

By Stroe Marian user 01 Apr 2020 at 12:17 a.m. CDT

Fresh install from repo v 4.1:
Applications max ram 3072
Install oxAuth True
Install oxTrust True
Backends wrends
Java Type jre
Install Apache 2 web server True
Install Shibboleth SAML IDP True
Install oxAuth RP True
Install Passport True
Install Casa False
Install Oxd False
Install Gluu Radius True
In this form/setup, I can add multiple TRs, but without validation; all failed. With the self-signed certificate, samltest.id won't work, it cannot retrieve the metadata!!! (It is available only in IE, with "This site is not secure", More Information, Go on...) If the TR is not validated, samltest.id does not work. I can't do the test with https://sptest.iamshowcase.com/, error:
HTTP Status 500 – Internal Server Error
Type Exception Report
Message org.xml.sax.SAXParseException; lineNumber: 3; columnNumber: 1; Content is not allowed in prolog.
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Exception
javax.servlet.ServletException: org.xml.sax.SAXParseException; lineNumber: 3; columnNumber: 1; Content is not allowed in prolog.
com.rsa.tse.sptestng.templating.TemplateFilter.process(TemplateFilter.java:111)
com.rsa.tse.sptestng.templating.TemplateFilter.doFilter(TemplateFilter.java:144)
Root Cause
org.xml.sax.SAXParseException; lineNumber: 3; columnNumber: 1; Content is not allowed in prolog.
java.xml/com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:261)
java.xml/com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
java.xml/javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:122)
com.rsa.tse.sptestng.templating.IndexController.process(IndexController.java:221)
com.rsa.tse.sptestng.templating.TemplateFilter.process(TemplateFilter.java:100)
com.rsa.tse.sptestng.templating.TemplateFilter.doFilter(TemplateFilter.java:144)
Note The full stack trace of the root cause is available in the server logs.
Perhaps I can install a Let's Encrypt certificate? https://github.com/GluuFederation/training/wiki/Automatically-enable-HTTPS-on-your-Gluu-Server-with-EFF's-Certbot In this case, the site and metadata are accessible with all browsers, but I don't know if the link is correct and applicable. Please tell me the path and which logs you need. Thanks for helping me
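
The `SAXParseException ... Content is not allowed in prolog` quoted in the post above is the error a Java XML parser raises when text other than XML appears before the document's root element. As an added example (not part of the thread and not Gluu or sptest.iamshowcase.com code), this Python pre-check tests the text about to be pasted as IdP metadata; the function name, the `idp.example.org` host and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

def check_idp_metadata(text):
    """Return the problems found in pasted IdP metadata; [] means it passed."""
    problems = []
    body = text.lstrip("\ufeff \t\r\n")
    if not body.startswith("<"):  # e.g. a URL pasted instead of the document
        return ["not XML, input starts with %r" % body[:30]]
    if body != text and body.startswith("<?xml"):
        problems.append("whitespace or BOM before the XML declaration")
    if "<!DOCTYPE" in body or "<!ENTITY" in body:  # refuse DTDs before parsing
        return ["DTD or entity declarations are not expected in SAML metadata"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return problems + ["not well-formed XML: %s" % exc]
    if root.tag != "{%s}EntityDescriptor" % MD:
        return problems + ["root is %s, expected EntityDescriptor" % root.tag]
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    idp = root.find("{%s}IDPSSODescriptor" % MD)
    if idp is None:
        return problems + ["no IDPSSODescriptor, so this is not IdP metadata"]
    endpoints = idp.findall("{%s}SingleSignOnService" % MD)
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for ep in endpoints:
        if not ep.get("Location", "").startswith("https://"):
            problems.append("endpoint is not https: %s" % ep.get("Location"))
    return problems

# Constructed sample metadata; the host name is a placeholder.
GOOD = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/idp/shibboleth">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_metadata(GOOD))  # well-formed metadata
    print(check_idp_metadata("https://idp.example.org/idp/shibboleth"))  # URL
```

The check covers document structure only; it does not verify signatures or certificates in the metadata.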

By Stroe Marian user 02 Apr 2020 at 3:26 a.m. CDT

After I tried a lot of versions of Gluu on Ubuntu, I tried on CentOS, but there is a very strange behavior: fresh install from repo on CentOS 7 - the folder /install/community-edition-setup is empty!!! No setup.py, no content..... and no error on install:
Downloading packages:
gluu-server-4.1.0-centos7.x86_64.rpm | 1.4 GB 00:08:27
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : gluu-server-4.1.0-centos7.x86_64 1/1
Created symlink from /etc/systemd/system/multi-user.target.wants/machines.target to /usr/lib/systemd/system/machines.target.
Created symlink from /etc/systemd/system/machines.target.wants/systemd-nspawn@gluu-server.service to /usr/lib/systemd/system/systemd-nspawn@gluu-server.service.
Starting gluu-server ...
Verifying : gluu-server-4.1.0-centos7.x86_64 1/1
Installed:
gluu-server.x86_64 0:4.1.0-centos7
Complete!
So I tried v 3.1.7, 4.0 and 4.1 on Ubuntu and 4.1 on CentOS. Not even one adds a TR correctly or validates it; all have problems with the login page. So a new user who wants to try Gluu can't do that. I guess the rpm and deb packages are wrong?! Please, somebody?

By Stroe Marian user 03 Apr 2020 at 12:10 a.m. CDT

So nobody can help?

By Mohit Mali staff 03 Apr 2020 at 12:30 a.m. CDT

Hi Stroe Marian, Yes, validation is failing due to a change in the identity provider from shibboleth.net, but still, if the status goes to active it is working fine, so for now can you ignore the TR validation and test:
1) Go to https://sptest.iamshowcase.com/
2) Navigate to instruction --> IdP initiated SSO.
3) Download the metadata XML.
4) Log in to the Gluu server.
5) Add a trust relationship with the downloaded metadata.
6) Configure nameid (if required).
7) Go back to https://sptest.iamshowcase.com/
8) Place the content of https://yourgluuserver/idp/shibboleth.
9) On completion you will get the link to test SSO.
10) Test the SSO flow.
I have just tested it; even TR is valid and status is active, it's working fine. And send me logs; check https://gluu.org/docs/gluu-server/operation/logs/ Thanks and Regards, Mohit Mali

By Stroe Marian user 03 Apr 2020 at 1:53 a.m. CDT

Here is my metadata: https://gluu.unibuc.ro/idp/shibboleth It passes the validation on https://www.samltool.com/validate_xml.php On https://sptest.iamshowcase.com/ it passes the test: You successfully federated into this demo site! Below you'll find additional information about the SAML assertion that brought you here. But on samltest.id I obtain an error page: Bad Request Your browser sent a request that this server could not understand. Regards

By Stroe Marian user 15 Apr 2020 at 5:15 a.m. CDT

Fresh install of the new 4.1.1 version. Same bug with Add TR: when you try to add a new trust relationship, error 502 Bad Gateway.... And the idp service, after a reboot, won't restart automatically (it is in state failed, needs a manual restart). I know, "open source, you can buy support", but with the same recurrent bug on different versions, you cannot attract new customers (I must try before I buy, but I cannot try...)

By Mohib Zico staff 16 Apr 2020 at 10:59 a.m. CDT

>> I know, "open source, you can buy support", but with the same recurrent bug on different versions, you cannot attract new customers (I must try before I buy, but I cannot try...)
Agreed. I think I'll just prepare a LONG SCREENCAST video for you... where it will show:
- Installation of 4.1
- Patching 4.1 (it is required because that validation issue you are facing is fixed in 4.1.1 only).
- Configure SAMLTool.ID with 4.1
- Testing SAMLTool.ID with 4.1
Also, @Mohit.Mali is correct: though you might get a validation issue, it shouldn't hamper your SSO operation at all. Let's see what my testing reveals; I'll share two videos.

By Stroe Marian user 20 Apr 2020 at 2:18 a.m. CDT

Happy Easter! I'm glad to hear about video tutorials, it is a great thing, I'll be waiting for that. Thanks a lot for the support!

By Mohib Zico staff 21 Apr 2020 at 6:13 a.m. CDT

Happy Easter, Stroe. Here are the promised screencasts:
- Install Gluu Server 4.1: https://youtu.be/gFmguAMOwRY
- Patching Gluu Server oxTrust: https://youtu.be/KRnWVt6xrc8
- SamlTest.id configuration and testing: https://youtu.be/YRBdnFeNUnk

By Stroe Marian user 21 Apr 2020 at 8:19 a.m. CDT

Thanks for the detailed videos, great job! All steps OK (but I installed Passport and Radius, I need them later). In Chrome and IE I have a problem with the self-signed certificate, but it works in Firefox. Is it possible, if I'm not asking too much, to have a video on how to configure Gluu with GSuite authentication (not GSuite SSO, only validate users on Gluu with GSuite)? (I tried with Passport, but I can't do a proper auth.... and logs are empty after Gluu gets the profile from GSuite....) Thanks a lot for your time and patience!

By Mohib Zico staff 21 Apr 2020 at 8:30 a.m. CDT

>> Is it possible, if I'm not asking too much, to have a video on how to configure Gluu with GSuite authentication (not GSuite SSO, only validate users on Gluu with GSuite)? (I tried with Passport, but I can't do a proper auth.... and logs are empty after Gluu gets the profile from GSuite....)
Please open a ticket for that. Sorry, I can't promise any screencast (as we have to maintain a high SLA for customers) anytime soon, but if I can manage some time... I'll definitely record one. Hopefully you will understand our situation. :-)