By: Edward Ely user 09 May 2017 at 4:08 p.m. CDT

8 Responses
SAML Add Trust Relationship: When trying to create / add a Single SP entry type using Metadata type 'Generate', clicking on the Choose File button and selecting the public certificate key file obtained from the Service Provider app (which is Base64-encoded ASCII with Begin Cert... End Cert...), I receive an error when I click on the Add button to establish the trust. The error reads: "Certificate was not provided or was incorrect... self signed cert being generated". Question: where can I find more on this error? What is the location of the log files on the server that could help me to understand why the file will not import?

By Mohib Zico staff 09 May 2017 at 4:27 p.m. CDT

> Question: where can I find more on this error? What is the location of the log files on the server that could help me to understand why the file will not import?

oxTrust log: https://gluu.org/docs/ce/3.0.1/operation/logs/#oxtrust-logs

A quick question... are you sure you want to use the 'Generate' type? The 'Generate' feature is for the case where you have an 'in-house' application which will use Shibboleth SP to protect its own resources. Check out the various methods in [this](https://gluu.org/docs/ce/3.0.1/admin-guide/saml/#trust-relationship-requirements) doc.

By Edward Ely user 10 May 2017 at 10:36 a.m. CDT

Follow Up Questions: Hello Mohib, thank you for your reply. I have read the documentation regarding the different options for configuring SAML / SSO and I am still not clear as to which option would work for our environment. We are currently using the Gluu server in our lab environment and possibly in production if we can get it working. Below is our use case; can you please provide guidance on the best possible way to configure the Gluu server SAML / SSO options given our use case and the Service Provider (SP) application configuration requirements?

We are hosting a service provider (SP) application (Data Archive) that now, with its latest release, supports SAML / SSO. The instructions from the SP application for using SAML / SSO are:

To use Data Archive's single sign-on feature, you must also use an identity provider (the Gluu server) that supports SAML.

**Step 1.** Create the KeyStore and Encryption Certificate (_this key is to be loaded into the Gluu server_)

1. Run the KeyStore command: `keytool -genkeypair -alias testkey01…` - cert file

**Step 2.** Configure the Identity Provider for Data Archive (_this step would be config of the Gluu server_)

Configure the chosen identity provider to host Data Archive. Refer to the documentation for the identity provider to configure the general settings for Data Archive.

1. In the identity provider's application settings for Data Archive, enter the following details:
   - a. Single sign-on URL: `http://<ilmhost:port>/sso.htm`
   - b. Entity ID: `http://<ilmhost:port>/sso.htm`
   - c. Assertion encryption: Encrypted
2. Upload the encryption certificate (.cert) created in Step 1.
3. Download the identity provider metadata file and copy it to the machine where Data Archive is installed. _**(is this the shibboleth xml file?)**_ The metadata file is typically available for download in the application settings.
4. Add users from an LDAP directory; integrate the LDAP directory with the identity provider.

**Step 3.** Configure Data Archive for Single Sign-On

To configure Data Archive for single sign-on, update the conf.properties file.

1. Provide the path of the identity provider metadata file, which you copied to the Data Archive machine from the identity provider in Step 2. Example: `informia.idp.metedata.file = c:\\metadata`

By Mohib Zico staff 10 May 2017 at 10:47 a.m. CDT

Another quick question... What is 'Data Archive'? Some cloud service? Did you install that service in-house? Any link to share?

By Edward Ely user 10 May 2017 at 10:59 a.m. CDT

Hello Mohib,

> What is 'Data Archive'?

Informatica's Data Archive application.

> Some cloud service?

Yes, we host this application for our clients.

> You installed that service in-house?

Yes, this service is installed in our lab and in segregated hosting environments for our clients.

> Any link to share?

All of our app links are behind our firewall. https://www.informatica.com/products/data-security/data-archive.html

By Edward Ely user 10 May 2017 at 11:15 a.m. CDT

Oh, and I should mention that Data Archive runs a Tomcat application / web server on both Linux and Windows. The config.properties file referenced above manages the Tomcat server.

By Mohib Zico staff 10 May 2017 at 11:28 a.m. CDT

Ok, thanks for the clarification. As troubleshooting SP configuration is not covered in community support, I can't comment on 'Data Archive' configuration. However, here is what I would try:

- See if there is already any SAML plugin available for the 'Data Archive' software or not. If plugins are available it will make your life much easier.
- If a plugin is available:
  - You just need to enable and configure that.
  - Grab the metadata of the SP ('Data Archive' in your case).
  - Create a Trust Relationship in Gluu server by using 'Metadata Type: File' [upload your SP metadata here].
  - Test.
- If a plugin is not available:
  - Configure Shibboleth SP in 'Data Archive'. [Here](https://gluu.org/docs/ce/3.0.1/integration/saml-sp/) is a sample setup of how you can install and configure Shibboleth SP. Or you can check [this](https://gluu.org/docs/ce/3.0.1/integration/saml-sp/#super-quick-ubuntu-shib-apache-install) as well.
  - Follow the rest of the section from the above scenario (grab metadata... test).
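
The vendor steps quoted in Edward's post (entity ID, single sign-on URL, an encryption certificate exported from a keystore, "Assertion encryption: Encrypted") and Mohib's suggestion to import SP metadata via 'Metadata Type: File' fit together: an IdP admin can build the SP metadata file from those values instead of uploading the bare certificate through the 'Generate' form. The script below is an added example for this thread, not code from Gluu, Informatica or either poster. It assumes the HTTP-POST binding for the assertion consumer service (the vendor text gives only the URL), uses `http://ilmhost.example:8080/sso.htm` as a stand-in for the vendor's `http://<ilmhost:port>/sso.htm` placeholder, and embeds a constructed PEM block (a five-byte DER SEQUENCE) in place of a real certificate; the `.cert` produced by `keytool -exportcert -rfc` from the Step 1 keystore would replace it. `classify_cert_file` shows the checks worth running before hitting Add, because uploading the whole keystore or a binary DER file in place of the PEM certificate is a typical cause of a "certificate was not provided or was incorrect" style rejection.

```python
"""Construct SAML 2.0 SP metadata from the values an SP vendor hands you
(entity ID, single sign-on/ACS URL, PEM encryption certificate) and sanity-check
the certificate file before uploading it. Added example, not Gluu or Informatica
code; standard library only."""
import base64
import binascii
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

# Constructed placeholder: DER bytes 30 03 02 01 01 (a SEQUENCE holding INTEGER 1),
# PEM-armoured. NOT a real certificate; substitute the .cert exported from the
# keystore (keytool -exportcert -rfc writes this PEM form).
EXAMPLE_CERT_PEM = f"{BEGIN}\nMAMCAQE=\n{END}\n"


def classify_cert_file(data: bytes) -> str:
    """Diagnose what kind of file is about to be uploaded as 'the certificate'.

    A form that expects a PEM certificate rejects binary blobs and keystores.
    """
    if data[:4] == b"\xfe\xed\xfe\xed":
        return "jks-keystore"  # Java KeyStore magic: export the cert, don't upload the store
    if data[:1] == b"\x30":
        return "der"  # ASN.1 SEQUENCE: binary DER cert or PKCS#12, needs PEM export
    text = data.decode("ascii", errors="replace")
    if BEGIN in text and END in text:
        return "pem-certificate"
    if "-----BEGIN " in text:
        return "pem-other"  # PUBLIC KEY / PRIVATE KEY block: wrong object type
    return "unknown"


def pem_to_x509_base64(pem_text: str) -> str:
    """Return the base64 body between the armour lines as a single line.

    <ds:X509Certificate> carries exactly this body. CRLF endings and stray
    whitespace are tolerated; the body must be valid base64 and decode to DER
    starting with the SEQUENCE tag 0x30, as every X.509 certificate does.
    """
    text = pem_text.replace("\r", "")
    if BEGIN not in text or END not in text:
        raise ValueError("not a PEM CERTIFICATE block (BEGIN/END CERTIFICATE lines missing)")
    body = "".join(text.split(BEGIN, 1)[1].split(END, 1)[0].split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded body is not a DER SEQUENCE; wrong file type?")
    return body


def build_sp_metadata(entity_id: str, acs_url: str, cert_pem: str) -> str:
    """Build minimal SPSSODescriptor metadata suitable for 'Metadata Type: File'.

    The certificate goes into a KeyDescriptor with use="encryption", matching an
    SP that wants encrypted assertions. HTTP-POST binding is an assumption.
    """
    ET.register_namespace("md", MD)
    ET.register_namespace("ds", DS)
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor",
                       protocolSupportEnumeration=SAML2,
                       AuthnRequestsSigned="false", WantAssertionsSigned="true")
    kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", use="encryption")
    x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_to_x509_base64(cert_pem)
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", Binding=POST_BINDING,
                  Location=acs_url, index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")


def parse_sp_metadata(xml_text: str) -> dict:
    """Read back the fields an IdP admin checks when importing SP metadata."""
    root = ET.fromstring(xml_text)
    acs = root.find(f".//{{{MD}}}AssertionConsumerService")
    cert = root.find(f".//{{{MD}}}KeyDescriptor[@use='encryption']/"
                     f"{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate")
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location") if acs is not None else None,
        "binding": acs.get("Binding") if acs is not None else None,
        "encryption_cert": cert.text if cert is not None else None,
    }


def make_example() -> str:
    """Metadata for a stand-in host; replace with the vendor's real <ilmhost:port> values."""
    url = "http://ilmhost.example:8080/sso.htm"  # placeholder for http://<ilmhost:port>/sso.htm
    return build_sp_metadata(entity_id=url, acs_url=url, cert_pem=EXAMPLE_CERT_PEM)


if __name__ == "__main__":
    print(make_example())
```

Save the output of `make_example()` (with the real values and certificate substituted) as an `.xml` file and upload it through 'Metadata Type: File'; the IdP metadata the vendor's Step 2.3 asks for is then downloaded from the Gluu side, not generated by this script.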

By Edward Ely user 10 May 2017 at 2:14 p.m. CDT

Hello Mohib, thank you for your suggestions. Yes, I understand that troubleshooting the SP is not covered. I just want to clarify a few things though. When you say see if there is already a SAML plugin... What are the forms / types of the metadata plugins that the Gluu server will accept? What is the form / file type of the plugin? Is it a generated XML file, and if so, usually generated from where? Thank you again for your assistance.

By Mohib Zico staff 10 May 2017 at 2:38 p.m. CDT

> When you say see if there is already a SAML plugin... What are the forms / types of the metadata plugins that the Gluu server will accept?

A SAML metadata plugin is just one type. If this software has any plugin/add-on/feature to accomplish SSO with SAML, then you will be able to connect it with Gluu Server. I think if you ask their support about how you can achieve Single Sign On with 'Informatica Data Archive', you will be able to get a quick answer from them. Gluu Server supports three protocols for SSO: SAML 2.0, OpenID Connect and CAS. If 'Data Archive' supports any one of these protocols, you will be fine.