Idp Initiated SSO Example/Demo

By: Joel Sam Samraj user 03 Aug 2015 at 10:27 a.m. CDT

4 Responses
Joel Sam Samraj gravatar
I was going through the documentation and was looking for some demo or walk-throughs for an Idp Initiated SSO through GLUU. I want to setup an IDP initiated SSO using SAML and I added a trust relationship, but the Validation keeps failing with the message `Element type "t.length" must be followed by either attribute specifications, ">" or "/>".` no idea where to change it. any walk throughs on Idp Initiated SSO will be helpful. Also found [this link](https://support.gluu.org/view/application-integration/idp-initiated-sso-with-gluu-server/1464) in the support, but the answer seems quite vague and it does not really address the question.
None
closed

Answers

By Michael Schwartz Account Admin 03 Aug 2015 at 10:44 a.m. CDT

Copy
Michael Schwartz gravatar
We don't support IDP initiated authentication. If you can figure out how to do it using the Shib IDP, that's fine. But IDP initiated SSO is by definition a one-off configuration. Feel free to post your findings, but we don't recommend it. Also, OpenID Connect does not support IDP initiated authentication, so it can lead to problems when you decide to upgrade to OAuth2.

By Mohib Zico staff 03 Aug 2015 at 10:45 a.m. CDT

Copy
Mohib Zico gravatar
Sam, IDP initiated SSO is something which really doesn't follow any specific documentation/demo, we would love to provide more info if we could. For our customers, Gluu Engineers does that configurations and it require deep knowledge on SAML and Shibboleth. You can go over Shibboleth's wiki: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO >> Element type "t.length" must be followed by either attribute specifications, ">" or "/>". This problem has nothing to do with Gluu Server or 'IDP-initiated SSO'. Your SP's metadata is problematic and you need to fix that first. 'Validation Failed' means Gluu Server is unable to read and process your SP's metadata.

By Joel Sam Samraj user 03 Aug 2015 at 10:54 a.m. CDT

Copy
Joel Sam Samraj gravatar
thanks for the response guys, too bad my SP only supports IDP enabled SSO and also they say they don't support SAML metadata. so my options are kind of limited here. GLUU is the most friendly open source IDP out there so far. I will look at other alternatives of implementing an IDP initiated SSO using GLUU and if I find anything, I'll gladly share it here. Cheers

By William Lowe user 03 Aug 2015 at 11:18 a.m. CDT

Copy
William Lowe gravatar
Thanks, Joel. I'm going to close out this ticket. If you find anything worthwhile, please post in a new ticket and I can link to it from here. Also, stay tuned for the next update of the server sometime in August. A new management interface and support for SCIM 2.0 are on the way. Best of luck. Will

Post an answer