By: Annouar LAIFA user 22 Mar 2017 at 5:54 a.m. CDT

11 Responses
Hello support! I am stuck on the implementation of inbound SAML. I've followed the documentation and almost all of it works. However, when I try to access my resource, it redirects me correctly to Asimba. I choose the correct IDP (Gluu with Shibboleth IDP) and the login page of the IDP is displayed. As soon as I put my credentials in, it redirects me back to my Gluu Server with Asimba, but Gluu returns me an error:

```
Failed to enroll. User with same key attributes exist already
Failed to authenticate
```

I think I've misconfigured something but I don't know what. Any idea? Thank you!

By Mohib Zico Account Admin 22 Mar 2017 at 8:24 a.m. CDT

Hi Annouar,

> Failed to enroll. User with same key attributes exist already Failed to authenticate

This means the user you are trying to use for logging into the Asimba server is already there. Here is what you can do:

- You can create a new user in nest.gluu.org and use that user for authentication purposes.
- You can delete the LDAP entry for this user from the Asimba server's LDAP. This enrollment LDAP entry is a snippet which has the `oxExternalUid` attribute.

By Annouar LAIFA user 22 Mar 2017 at 9:02 a.m. CDT

Hi Mohib,

> This means the user you are trying to use for login into Asimba server is already there.

That's what I thought, because I was trying to log in with the admin account. Then I registered a new person in nest.gluu.org (and made sure this user is not in my Asimba server by checking Users > Manage People in the UI). But the error is still there.

By Mohib Zico Account Admin 22 Mar 2017 at 9:23 a.m. CDT

Ok. Here is what you can do next:

- Search for this UID (which is being blocked by Asimba) inside the Asimba server's LDAP.
- You will see at least two entries for this UID; delete the DN which has the `oxExternalUid` attribute.
- Try again and tail oxauth_script.log

By Annouar LAIFA user 22 Mar 2017 at 10:40 a.m. CDT

I've searched in my test.gluu.org, and I have only one user registered (admin).

![test.gluu.org LDAP contains only admin user](http://i.imgur.com/rWYYVsF.png "Screen")

I've attached my oxauth_script.log here:

```
2017-03-22 15:30:29,088 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. attributes: '{country: [Netherlands]}'
2017-03-22 15:30:29,089 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Get mapped user. Using next attributes mapping '{givenname: givenname, uid: uid, urn:oid:2.5.4.4: sn, urn:oid:0.9.2342.19200300.100.1.3: mail, edupersonprincipalname: edupersonprincipalname, urn:oid:0.9.2342.19200300.100.1.1: uid, sn: sn, mail: mail, urn:oid:2.5.4.42: givenname, urn:oid:1.3.6.1.4.1.5923.1.1.1.6: edupersonprincipalname}'
2017-03-22 15:30:29,090 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Get mapped user. User custom objectClasses to add persons: '[eduPerson]'
2017-03-22 15:30:29,090 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '!!!'
2017-03-22 15:30:29,096 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP
2017-03-22 15:30:29,096 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. Attempting to add user '!!!' with next attributes: '[Attribute [name=oxExternalUid, values=[saml:!!!]]]'
2017-03-22 15:30:29,108 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. Failed to add user: '!!!'. User not unique
```
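A small diagnostic over the log excerpt above, added here as an example and not part of the original thread or of Gluu's own code: it reads the attributes the IdP released, the script's attribute mapping and the `oxExternalUid` lookup, and reports which mapped local attributes never arrived (here only `country` was released, so nothing could populate `uid`, which is consistent with the `'!!!'` placeholder in the lookup). The log format assumed is exactly the one shown in the post.

```python
import re

# Constructed sample: the three diagnostic lines from the oxauth_script.log
# excerpt quoted in the post above (values exactly as the post shows them).
SAMPLE_LOG = """\
2017-03-22 15:30:29,088 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. attributes: '{country: [Netherlands]}'
2017-03-22 15:30:29,089 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Get mapped user. Using next attributes mapping '{givenname: givenname, uid: uid, urn:oid:2.5.4.4: sn, urn:oid:0.9.2342.19200300.100.1.3: mail, edupersonprincipalname: edupersonprincipalname, urn:oid:0.9.2342.19200300.100.1.1: uid, sn: sn, mail: mail, urn:oid:2.5.4.42: givenname, urn:oid:1.3.6.1.4.1.5923.1.1.1.6: edupersonprincipalname}'
2017-03-22 15:30:29,090 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '!!!'
"""

RECEIVED_RE = re.compile(r"attributes: '\{(.*)\}'")        # what the IdP released
MAPPING_RE = re.compile(r"attributes mapping '\{(.*)\}'")  # IdP attr -> local attr
EXTUID_RE = re.compile(r"find user by oxExternalUid: saml: '(.*)'")
ENTRY_RE = re.compile(r"([^\s,]+): \[([^\]]*)\]")          # name: [v1, v2]

def parse_received(line):
    """Return {idp_attr: [values]} from an 'attributes:' line, else None."""
    m = RECEIVED_RE.search(line)
    if not m:
        return None
    return {name: [v.strip() for v in vals.split(",") if v.strip()]
            for name, vals in ENTRY_RE.findall(m.group(1))}

def parse_mapping(line):
    """Return {idp_attr: local_attr} from an 'attributes mapping' line, else None."""
    m = MAPPING_RE.search(line)
    if not m:
        return None
    # rsplit on the last ': ' because URN names (urn:oid:2.5.4.4) contain colons
    return dict(entry.rsplit(": ", 1) for entry in m.group(1).split(", "))

def diagnose(log_text):
    """Compare released attributes against the mapping and the oxExternalUid lookup."""
    received, mapping, ext_uid = {}, {}, None
    for line in log_text.splitlines():
        received = parse_received(line) or received
        mapping = parse_mapping(line) or mapping
        m = EXTUID_RE.search(line)
        if m:
            ext_uid = m.group(1)
    delivered = {mapping[a] for a in received if a in mapping}
    return {
        # local attributes the mapping expects but the IdP never sent (uid among them)
        "missing_local_attrs": sorted(set(mapping.values()) - delivered),
        # attributes the IdP sent that no mapping rule consumes
        "unmapped_idp_attrs": sorted(a for a in received if a not in mapping),
        # '!!!' carries no identifier characters, so no user can be matched or created
        "usable_uid": bool(ext_uid) and any(c.isalnum() for c in ext_uid),
    }
```

Running `diagnose(SAMPLE_LOG)` on the excerpt lists `uid`, `mail`, `sn`, `givenname` and `edupersonprincipalname` as never delivered, which points at the IdP's attribute release rather than at the LDAP duplicate the error message suggests.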

By Mohib Zico Account Admin 22 Mar 2017 at 10:47 a.m. CDT

> 2017-03-22 15:30:29,090 INFO [org.xdi.service.PythonService] (ajp-bio-127.0.0.1-8009-exec-39) Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '!!!'

No UID found. '!!!' cannot be a user. That means... the user's information is not being received from nest.gluu.org OR the SAML script is unable to process the data. We will publish a new end-to-end doc on Asimba soon, which will help you, I believe.

By Annouar LAIFA user 22 Mar 2017 at 11:22 a.m. CDT

> No UID found. '!!!' cannot be an user. That means... user's information is not receiving from nest.gluu.org OR saml script is unable to process data.

Do you have any idea where the problem comes from? I need to get this working ASAP for a POC for my team (we need to compare federation tools).

> We will publish a new end to end doc on Asimba soon; which will help you I believe.

Yeah, the documentation is not really clear for people who are starting with SAML concepts. Thank you for this work!

By Michael Schwartz Account Admin 22 Mar 2017 at 4:08 p.m. CDT

Check the ldap logs. The oxAuth message may not be specific enough. Also check the oxAuth persistence logs.

By Mohib Zico Account Admin 23 Mar 2017 at 4:43 a.m. CDT

Annouar, here is a temp. doc for you: https://github.com/GluuFederation/docs/blob/master/tmp_zico/SAML_proxy_end_to_end.md

We will remove this by the end of this week and put the doc in its proper place, as this is not the right location in our GitHub tree.

By Annouar LAIFA user 16 Apr 2017 at 4:21 p.m. CDT

Hello! Thank you! The new document version was very helpful!

By robert barron user 21 Jan 2020 at 8:19 a.m. CST

Is the document posted above still available in another location?

By Mohib Zico Account Admin 21 Jan 2020 at 9:23 a.m. CST

From the timestamp, I guess it was 'Asimba'. Now we don't have Asimba anymore. `Passport.js` replaced Asimba because Passport has much more capability for handling multiple protocols (SAML and OIDC) along with social login. [Here](https://www.gluu.org/docs/ce/4.0/authn-guide/passport/) is the doc.