By: Mohamed EL HAJJ user 04 Feb 2015 at 9:19 a.m. CST

4 Responses
Hi, after configuring an RP in Gluu, I tried SAML authentication. First, when accessing the RP, the redirection was to the Remote User authentication page. So I commented out the "Remote user" login handler in /opt/idp/conf/handler.xml and in /opt/tomcat/conf/shibboleth2/idp/handler.xml.vm. After this configuration, the redirection to a user/pass authentication page occurs. But after authenticating, I got an error: invalid attribute description. I finally found that the origin of this error was userField="$userField" in login.config. I changed it to userField="uid" in /opt/idp/conf/login.config and in /opt/tomcat/conf/shibboleth2/idp/login.conf.vm, and now it works. Can you please guide me to a correct configuration using the Gluu user interface (choose default authentication per RP, and configure the user field in login.config)? Thank you

By Mohib Zico Account Admin 04 Feb 2015 at 9:25 a.m. CST

http://www.gluu.org/docs/admin-guide/saml/outbound-saml/#saml-trust-relationship

By Mohamed EL HAJJ user 04 Feb 2015 at 9:45 a.m. CST

It is after I followed this doc that I got these errors. Can you please point out in which paragraph we can configure login handlers and userfield in login.config?

By Mohib Zico Account Admin 04 Feb 2015 at 9:48 a.m. CST

You can't configure the login handler from the GUI, as configuring / changing the login handler is not a feature. Basically what you did is a hack. :)

By Oleksiy Tataryn user 04 Feb 2015 at 10:54 a.m. CST

CE will support IDP shortly. It will use oxAuth for management of the authentication, so login.config will be irrelevant as long as it is valid. For now, since you have already figured out the proper login handler, you can just add a line like `idp.user.fields=uid, mail` to your /opt/tomcat/conf/oxTrust.properties. It should generate userField="uid, mail" in login.config. Please do ldapdelete ou=oxtrust,ou=configuration (the accurate DN can be found in /opt/tomcat/conf/oxTrustLdap.properties) after the configuration update and before the tomcat restart so that the configuration is properly updated.