By: Neemesh Patel user 30 Mar 2016 at 6:17 a.m. CDT

3 Responses
Hello, Me again, I'm afraid.

I've installed Gluu to a server (Ubuntu) on our network which I want to act as an IdP. I am now trying to connect it to a service provider (IBM Domino, which is on our local network too) but am having some difficulty in getting the SP to work with the metadata from the IdP.

Note: I managed to get the SP to work with simpleSAMLPHP but wanted to use Gluu as it seems like a cleaner implementation and it has openID connect support. I mention this now as it will become relevant further down.

I have gone to https://<your-server-hostname>/idp/shibboleth as recommended in another ticket, which provided me with the metadata for the SAML IdP (Gluu), which I can then download and save ready to be imported into an SP. When I import this file into Domino (which is only possible via a GUI), it fails to populate the X.509 certificate data. Inspecting the XML file, it does have X.509 data present, but it is "<ds:X509Data>" rather than "<X509Data>", which is what simpleSAMLPHP used and imported ok (we also used our own certificates rather than default simpleSAMLPHP ones). Starting up the Domino services, it at this point begins generating some ambiguous and unhelpful configuration errors (curse you IBM!).

So I tried copying the "<ds:X509Data>" data in manually, but this didn't change things. I then tried copying in the <X509Data> from the simpleSAMLPHP IdP (which is a different certificate, but I wanted to see how the SP would react) and this time I never saw any configuration errors. Trying to get to the SP in a web browser results in a Gluu error page ("Error decoding authentication request message"), but that could be another issue or more likely because I switched out the X509 data for another certificate to see how the SP would react when starting up the authentication services.

- I'm not really that knowledgeable about certificates, is X509Data and ds:X509Data different?
- If they are different, is there a way of configuring Gluu to use X509Data instead or a way of generating this data for systems like IBM Domino if they need it (i.e. via terminal)?
- Though I wanted to avoid this, if all else fails, could I keep simpleSAMLPHP running for IBM Domino and somehow form a trust between simpleSAMLPHP IdP and Gluu SAML IdP (i.e. is that what Asimba proxy is used for)?

Thanks in advance (in case the ticket closes before I can give my thanks for any help/input!), hopefully this makes some kind of sense!

By William Lowe user 30 Mar 2016 at 10:07 a.m. CDT

Hi Neemesh, Per your conversation with Mike, in XML you can define the schema in the headers. This metadata is generated automatically by Shibboleth. It sounds like you need to configure your client to read the namespace. Do you want to keep this ticket open? Thanks, Will
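
The namespace point in the reply above, as an added example that is not part of the original thread: a namespace-aware parser resolves `<ds:X509Data>` and an unprefixed `<X509Data>` under a default XML Signature namespace to the same qualified name, and the certificate can be pulled out as PEM for an SP that needs it entered by hand. Both metadata documents, the `idp.example.test` entityID and the certificate string are constructed placeholders, not real Gluu or simpleSAMLphp output.

```python
import textwrap
import xml.etree.ElementTree as ET

# XML Signature namespace; "ds" is only a conventional prefix bound to this URI.
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed placeholder, not a real certificate.
CERT = "MIIBconstructedSAMPLEcertificateBASE64only=="
# Constructed metadata: same KeyDescriptor written with two namespace spellings.
PREFIXED = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DSIG}"
    entityID="https://idp.example.test/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {CERT}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""
DEFAULT_NS = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://idp.example.test/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DSIG}"><X509Data><X509Certificate>{CERT}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def x509data_names(xml_text):
    """Qualified tag of every element whose local name is X509Data."""
    root = ET.fromstring(xml_text)
    return [el.tag for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "X509Data"]

def signing_certs(xml_text):
    """Match on namespace URIs, never on prefixes; strip layout whitespace."""
    root = ET.fromstring(xml_text)
    return ["".join(cert.text.split())
            for kd in root.iter(f"{{{MD}}}KeyDescriptor")
            for cert in kd.iter(f"{{{DSIG}}}X509Certificate")]

def to_pem(b64):
    """Wrap the base64 body at 64 columns between PEM armor lines."""
    body = "\n".join(textwrap.wrap(b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for label, doc in (("prefixed", PREFIXED), ("default-ns", DEFAULT_NS)):
        print(label, x509data_names(doc), signing_certs(doc))
```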

By Neemesh Patel user 30 Mar 2016 at 10:15 a.m. CDT

Hi Will, For now I would say the ticket can be closed. Following on from my conversation with Mike I have some more food for thought, but I'll come back if I don't make much headway. Thanks

By William Lowe user 30 Mar 2016 at 10:20 a.m. CDT

Sounds good, Neemesh. Feel free to open another ticket with specific issues, or simply comment on this one and I can re-open as needed. Thanks, Will