By: Won Kim user 22 Mar 2017 at noon CDT

13 Responses
Hello, I saw some posts on similar questions about this topic a couple of years ago. Just wondering if this is possible now? Our situation is to allow for self-service registration of SAML Trust Relationships with Gluu as the IDP. Is it possible to make an API call to create a SAML Trust Relationship, or to allow non-admins of the Gluu server to create SAML Trust Relationships from the Gluu web console and to segregate non-admin users from viewing other users' trusts? I know there are APIs for OpenID, but many of our web apps already use SAML and that is the preferred Authn service.

By Michael Schwartz Account Admin 22 Mar 2017 at 4:28 p.m. CDT

If you want to automate SAML TR creation, you'll need to render the right entry in LDAP under `ou=trustRelationships,inum=(appliance-inum),ou=appliances,o=gluu`

By Won Kim user 23 Mar 2017 at 3:23 p.m. CDT

Is there any guide on what fields need to be populated, or on how to generate certain fields such as gluuProfileConfiguration and gluuSAMLspMetaDataFN as well as the inum value of the trustRelationship? Also, if a record is generated, how do we verify the gluuValidationStatus of a trustRelationship?

By Michael Schwartz Account Admin 23 Mar 2017 at 5:51 p.m. CDT

No, but just look at another entry, and do the same thing. Or you can check the code; it's on GitHub.
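Following the advice above to copy an existing entry, here is an added Python example (my own, not Gluu project code) that lists the trust-relationship entries under the base DN quoted earlier in the thread and flags any whose gluuValidationStatus is missing or not the expected value. The appliance inum, bind credentials, the sample attribute values and the use of the ldap3 library are assumptions.

```python
# Added example, not from the Gluu project or this thread: enumerate the SAML
# trust-relationship entries oxTrust keeps in LDAP and report, per entry, the
# fields asked about above (gluuSAMLspMetaDataFN, gluuProfileConfiguration,
# gluuValidationStatus). Base DN is the one quoted in the thread; the appliance
# inum, credentials and sample values below are placeholders/constructed.
from typing import Dict, List, Optional

BASE_DN_TEMPLATE = "ou=trustRelationships,inum={appliance_inum},ou=appliances,o=gluu"
WANTED = ["inum", "displayName", "gluuSAMLspMetaDataFN",
          "gluuProfileConfiguration", "gluuValidationStatus"]


def trust_base_dn(appliance_inum: str) -> str:
    """Container under which oxTrust stores trust relationships (from the thread)."""
    return BASE_DN_TEMPLATE.format(appliance_inum=appliance_inum)


def summarize(entries: List[Dict[str, List[str]]]) -> Dict[str, Dict[str, Optional[str]]]:
    """One row per inum with the fields of interest; a missing attribute becomes
    None so a half-rendered entry is visible instead of silently skipped."""
    rows = {}
    for attrs in entries:
        inum = (attrs.get("inum") or [None])[0]
        if inum is None:
            continue  # the container entry itself, or an entry oxTrust cannot address
        rows[inum] = {k: (attrs.get(k) or [None])[0] for k in WANTED if k != "inum"}
    return rows


def not_validated(rows: Dict[str, Dict[str, Optional[str]]], ok_status: str) -> List[str]:
    """inums whose gluuValidationStatus is absent or differs from ok_status."""
    return sorted(i for i, r in rows.items() if r["gluuValidationStatus"] != ok_status)


def fetch_entries(host: str, bind_dn: str, password: str, appliance_inum: str):
    """Live query (assumes the ldap3 package is installed; not exercised offline)."""
    from ldap3 import Connection, Server, SUBTREE
    conn = Connection(Server(host, use_ssl=True), bind_dn, password, auto_bind=True)
    conn.search(trust_base_dn(appliance_inum), "(objectClass=*)", SUBTREE, attributes=WANTED)
    return [{k: list(v) for k, v in e.entry_attributes_as_dict.items()} for e in conn.entries]


# Constructed sample data standing in for two LDAP entries; "Success" is a
# placeholder status, the real values come from the server.
SAMPLE = [
    {"inum": ["@!0000.EXAMPLE!0006!AAAA"], "displayName": ["App A"],
     "gluuSAMLspMetaDataFN": ["aaaa-sp-metadata.xml"],
     "gluuProfileConfiguration": ["SAML2SSO"], "gluuValidationStatus": ["Success"]},
    {"inum": ["@!0000.EXAMPLE!0006!BBBB"], "displayName": ["App B"],
     "gluuSAMLspMetaDataFN": ["bbbb-sp-metadata.xml"]},
]
```

Running `not_validated(summarize(fetch_entries(...)), "Success")` against a live server gives the list of trust relationships that still need attention.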

By Won Kim user 28 Mar 2017 at 12:13 a.m. CDT

Sorry to bother you again about this, but if I wanted to add a new REST operation into the Gluu server, would it be best to put it into the oxTrust or the oxAuth project? Also, if I wanted to test the updated war file, I assume it isn't just a simple drop-in of the new compiled war file (in the case of oxTrust) into the identity jetty folder /opt/gluu/jetty/identity/webapps, right?

By Michael Schwartz Account Admin 28 Mar 2017 at 2:22 p.m. CDT

For this feature, I would add it to oxTrust, because it's an admin API that you wouldn't necessarily want to be Internet facing. We have build instructions: [https://gluu.org/docs/ce/3.0.1/developer-guide/oxtrust-eclipse/](https://gluu.org/docs/ce/3.0.1/developer-guide/oxtrust-eclipse/)

By Won Kim user 03 Apr 2017 at 3:27 a.m. CDT

So I am able to compile the code and set up a really simple test API operation. I am trying to update the oxtrust-server.war file and place it into an already deployed Gluu 3.0.1 CE running on a VM. I stop the identity service, change the name of the oxtrust-server.war and replace the identity.war file in the /opt/gluu/jetty/webapp/identity folder. But this seems to cause the Gluu server to stop working. Not sure what is causing the failure. So do I need to compile the war file with certain configuration files in place prior to replacing the identity.war file for the Gluu server to run correctly? I see in the documentation https://gluu.org/docs/ce/upgrade/update-war/ the statement "Keep in mind that a new version of code may also require updates to the LDAP schema or to the application JSON properties. Make sure you are aware of any requirements before you start, because missing data can cause the Gluu Server to malfunction." I even tried to set up a brand new Gluu 3.0.1, run setup.py and then compile the 3.0.1 version of oxtrust-server.war with no changes, and that war file swap seems to cause the service to fail. How do I know what JSON or LDAP schema needs to be changed in order to update the oxtrust-server.war file?

By Michael Schwartz Account Admin 05 Apr 2017 at 9:53 a.m. CDT

Yura, can you comment on this issue?

By Yuriy Movchan staff 05 Apr 2017 at 10:21 a.m. CDT

Did you put the new identity.war into /opt/gluu/jetty/webapp/identity/ or /opt/gluu/jetty/identity/webapps/? Can you zip all logs from /opt/gluu/jetty/identity/logs and attach them to this ticket? According to your description you tried to deploy an updated custom 3.0.1 identity.war into CE 3.0.1. This should work. I think there is a startup error in the logs which can explain the problem.

By Won Kim user 05 Apr 2017 at 12:54 p.m. CDT

I put the war file into /opt/gluu/jetty/identity/webapps folder. Here is a link to the log files. [oxTrustLogs.tgz](https://drive.google.com/file/d/0B78JrNtbDULOeEZNMmRQa3BJUk0/view?usp=sharing)

By Won Kim user 05 Apr 2017 at 1:30 p.m. CDT

The key error that I see is the following:

```
org.gluu.site.ldap.persistence.exception.MappingException: Failed to convert json value '{"cacheProviderType": IN_MEMORY, "memcachedConfiguration": {"servers":"localhost:11211", "maxOperationQueueLength":100000, "bufferSize":32768, "defaultPutExpiration":60, "connectionFactoryType": DEFAULT}, "inMemoryConfiguration": {"defaultPutExpiration":60}}' to object
```

Is there a new service with the latest build needing an in-memory cache service?

By Michael Schwartz Account Admin 05 Apr 2017 at 1:34 p.m. CDT

Yes, if you are using the HEAD, we did add caching. You should probably work with the [branch of 3.0.2](https://github.com/GluuFederation/oxTrust/tree/version_3.0.2). Although, just to re-iterate this point... I think OpenID Connect would be a much better choice for what you're trying to do because:

1. We are introducing Drupal plugins for both version 7 and 8
2. It includes dynamic client registration capability

By Won Kim user 05 Apr 2017 at 2:19 p.m. CDT

So the 3.0.1 version of Gluu CE does not match the v3.0.1 in GitHub? And we are doing OpenID for apps that can support that, and would encourage new users of this service to use OpenID. But we do have a bunch of legacy apps that only work with SAML, and they don't want to spend time dealing with changing their code to support OpenID. Our Drupal team, who I am working with, can do both, and we want to show that Gluu can work with both SAML and OpenID. If you have info on the Drupal plugin we would love to test it out ;)

By Won Kim user 05 Apr 2017 at 3:39 p.m. CDT

So I got the service to work, thanks! Version 3.0.2 seems to work with the Gluu 3.0.1 CE.