By: Stephen LAI user 17 Feb 2017 at 3:36 a.m. CST

7 Responses
Stephen LAI gravatar
If I install either Inbound SAML (Asimba SAML Proxy) or Outbound SAML (Shibboleth SAML IDP) in a Gluu Server, it is OK. But, if I install both Inbound SAML and Outbound SAML in the same Gluu Server, the server will not be working properly, and oxTrust will response in the browser with: >Service Unavailable > >The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. In short, the following two installation settings are OK. Only Shibboleth is installed, it is OK ``` Install oxAuth True Install oxTrust True Install LDAP True Install JCE 1.8 True Install Apache 2 web server True Install Shibboleth SAML IDP True Install Asimba SAML Proxy False Install CAS False Install oxAuth RP True Install Passport True ``` Only Asimba is installed, it is OK ``` Install oxAuth True Install oxTrust True Install LDAP True Install JCE 1.8 True Install Apache 2 web server True Install Shibboleth SAML IDP False Install Asimba SAML Proxy True Install CAS False Install oxAuth RP True Install Passport True ``` However, with the following installation setting (with both Shibboleth and Asimba installed), it is **_NOT_** OK. ``` Install oxAuth True Install oxTrust True Install LDAP True Install JCE 1.8 True Install Apache 2 web server True Install Shibboleth SAML IDP True Install Asimba SAML Proxy True Install CAS False Install oxAuth RP True Install Passport True ``` Moreover, I have tried also not installing oxAuth RP nor Passport, it is still **_NOT_** OK. ``` Install oxAuth True Install oxTrust True Install LDAP True Install JCE 1.8 True Install Apache 2 web server True Install Shibboleth SAML IDP True Install Asimba SAML Proxy True Install CAS False Install oxAuth RP False Install Passport False ``` I wonder whether it is not allowed to install both Inbound SAML and Outbound SAML in the same Gluu Server.

By Mohib Zico staff 17 Feb 2017 at 4:13 a.m. CST

Mohib Zico gravatar
There is no problem if you install both; in fact you need both Shibboleth and Asimba bits to setup SAML Proxy setup. However give such VM more memory and CPU. Generally we test with 8GB memory when we move for Shibboleth and Asimba. It will be faster processing.

By Stephen LAI user 20 Feb 2017 at 12:56 a.m. CST

Stephen LAI gravatar
Thanks for response from Mohib. I have a VM with 4 vCPUs and 16GB memory. And then, I have the Gluu server setup again with following settings: ``` Applications max ram 8192 Admin Pass ******** Install oxAuth True Install oxTrust True Install LDAP True Install JCE 1.8 True Install Apache 2 web server True Install Shibboleth SAML IDP True Install Asimba SAML Proxy True Install CAS False Install oxAuth RP True Install Passport True ``` This time, the Gluu server is OK (oxTrust shows the login page, and I can log in properly) just after the setup operation. However, when I stop the server (service gluu-server-3.0.0 stop), and then start the server (service gluu-server-3.0.0 start) again. The same problem occurs again. That is, when I try to access the system, oxTrust stops at "https://gluu-svr-saml.appcara.hk/identity/" (but not goes to "https://gluu-svr-saml.appcara.hk/oxauth/login") and shows the following error message in the browser. >Service Unavailable > >The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. And, if I try accessing "https://gluu-svr-saml.appcara.hk/oxauth/login" directly, the system just responds with the following error message. >HTTP ERROR: 503 > >Problem accessing /oxauth/login. Reason: > > Service Unavailable

By Mohib Zico staff 20 Feb 2017 at 1:08 a.m. CST

Mohib Zico gravatar
Please give server 5-10 mins to start it's all services. It should be okay.

By Stephen LAI user 20 Feb 2017 at 3:55 a.m. CST

Stephen LAI gravatar
Thanks again for the second response from Mohib. I have waited for 30 minutes. However, the system still cannot be accessed (the same problem occurs).

By Mohib Zico staff 20 Feb 2017 at 4:07 a.m. CST

Mohib Zico gravatar
Thats unexpected behavior, can you please check if there is any indication of error in startup logs?

By Jos Groot Lipman user 20 Feb 2017 at 9:51 a.m. CST

Jos Groot Lipman gravatar
This sounds exactly like https://support.gluu.org/installation/3734/testing-new-install-of-300-fails-to-startstop-services-after-initial-install/

By Stephen LAI user 20 Feb 2017 at 9:59 p.m. CST

Stephen LAI gravatar
Thanks a lot for the sharing by Jos Groot Lipman. What is mentioned in "https://support.gluu.org/installation/3734/testing-new-install-of-300-fails-to-startstop-services-after-initial-install/" really works. Moreover, it is observed that, the problem (cannot start after stop) only exists when the OS is Ubuntu 16.04 (the problem does not exist if the OS is Ubuntu 14.04).