By: Arlon Antonius user 31 Jan 2018 at 3:22 a.m. CST

13 Responses
Hi there,

I'm trying to figure out how I can connect Gluu's SAML part with Mautic's SAML / SSO settings.

Gluu: Installed on one of my VPS's that has 12GB RAM, 4 Cores etc etc. All fit the requirements.
Mautic: Installed on a separate web host.

I've tried several things, but have not been able to really figure out how to get all of this to work. Here are some of the things I've tried:

- Create a Trust Relationship
- Create a SP Requestor
- Fiddled around with the settings inside Gluu.

On Trust Relationships:

- I selected "Single SP" as Entity Type
- Metadata from URI Location
- Configured SAML2SSO in the relying party part
- Activated the relationships (it was validated)
- Waited for 30 minutes before testing

I hope someone is able to help me on this.

Kind regards,
Arlon

PS: Why are there no clear video tutorials on working with most of the Gluu parts?

By Mohib Zico staff 31 Jan 2018 at 4:18 a.m. CST

Hello Arlon,

First question: What is Mautic?

Second point: We haven't configured Mautic; so if you can share any doc how you configured that; we might take a look.

>> PS: Why are there no clear video tutorials on working with most of the Gluu parts?

What do you mean?

By Arlon Antonius user 31 Jan 2018 at 4:23 a.m. CST

Hi Mohib,

Mautic is the largest Open Source Marketing Automation Project at this moment. They basically allow you to automate email marketing, lead generation and a lot more. Feel free to check it out here: https://www.mautic.org/

I know you have not configured Mautic, but Mautic allows for SAML SSO to be used so you can allow all your customers / Staff or whatever to use this right away.

https://i.gyazo.com/4b4aca96046161135978f0e9bd2e4de8.png

What I meant is that I can't find any really clear tutorial on how to establish a good SAML relationship just in general. There's a lot of text documentation, but there are basically no videos explaining things in detail.

Kind regards,
Arlon

PS: Thank you for your response, really appreciate it :)

By Mohib Zico staff 31 Jan 2018 at 4:54 a.m. CST

Thanks, Arlon.

>> https://i.gyazo.com/4b4aca96046161135978f0e9bd2e4de8.png

Seems like it's straightforward (other than 'custom x.509 certificate & private key'). Which certificate, private_key and password did you use for those fields' values?

By Arlon Antonius user 31 Jan 2018 at 5:02 a.m. CST

Hi there, I left these empty as you should be able to get this working without those. If you have suggestions on what I should fill in there, let me know. Kind regards, Arlon

By Mohib Zico staff 31 Jan 2018 at 5:04 a.m. CST

Cool.. yes.. let's keep them empty. Now.. it's time to 'check' overall process. Can you share any video how it looks like when you start initiating SSO from SP?

By Arlon Antonius user 31 Jan 2018 at 5:06 a.m. CST

Hi Mohib,

I'll create a video on the entire process of me setting up the SSO and post it here later today (I'm going out of office for a few hours).

Kind regards,
Arlon

By William Lowe user 31 Jan 2018 at 8:53 a.m. CST

Arlon, Just a note.. if you have the bandwidth for a little custom development, one thing you may want to consider is writing an [oxd](https://oxd.gluu.org/docs) plugin for Mautic. We've written oxd plugins for many open source apps like WordPress, SugarCRM, etc. For instance, see our [oxd NextCloud plugin](https://gluu.org/docs/oxd/plugin/nextcloud/). oxd implements OpenID Connect (OAuth 2.0), which is going to be a better long term solution than SAML. It should work with SAML too, but our recommendation is to use OpenID Connect whenever possible. Thanks, Will

By Arlon Antonius user 31 Jan 2018 at 10:53 a.m. CST

Hi William,

Thank you very much for the reply. I really like oxd by the looks of it, but it has one major problem in my opinion: It is paid. I love the Gluu interface and basically everything it's aiming for. However, it looks like the main focus right now is on oxd because that is where the money lies. If oxd would be free, I would use it all the time.

Kind regards,
Arlon

PS: Creating the video now

By William Lowe user 31 Jan 2018 at 10:57 a.m. CST

Haha well, we have to make money somehow. And to be honest client software is a good place to put your money: the security requirements are constantly changing, which means client software needs to be consistently updated and to be kept conformant. In addition, you need to support a wide variety of libraries to make it easy for application developers to use. This requires a real business model. One additional thing to note is that we are going to make an adjustment to the business model at some point this year, to introduce a free plan for a limited number of clients (current thinking is up to 10 clients free forever).

By Arlon Antonius user 31 Jan 2018 at 11:07 a.m. CST

Hi William, I totally get that, I made software for a living as well. I might be interested in paying for it later on, but for now I really just want to get the feel of Gluu, make it work properly and see if we can use Gluu as our main authentication system for everything. (Right now testing for staff, after that for clients, and then maybe even on consumer level). As we're building multiple services for the public and we would love to just have one central login system. If this is something we can really do as easily as we think we can (when we get the hang of it). Then we've solved a major problem. PS: The only reason why I don't like oxd is because I was searching all over the internet for a nice IDP that was self hosted, free and compatible with a lot of things. Then I found Gluu after a while, thought it was amazing and then it pushed oxd through my throat. Other than that, I'm willing to pay for it, but only later on when I have everything done and we can see that our customers actually like/use it.

By Arlon Antonius user 31 Jan 2018 at 11:18 a.m. CST

Hi Mohib, Sorry for all the delays. I just uploaded the video to my Google Drive. I pasted the link below, I hope you're able to watch it and maybe help me out. Kind regards, Arlon

By Arlon Antonius user 03 Feb 2018 at 11:22 a.m. CST

Hi anyone, Let me know if you have any tips for me. Video on what I did can be found here: https://drive.google.com/open?id=1KdpNDFcTZzh-VYzs_6WLknvosYYKc3Us Kind regards, Arlon

By Mohib Zico staff 14 Feb 2018 at 1:43 p.m. CST

Hi Arlon,

Couple of points from your shared screencast:

- We need to find out if there is any error in 'idp-process.log' or not. If yes; we need to fix that first.
- 'Identity Metadata Provider File': Which one are you using? Possible to share?
- SP Metadata in Trust relationship: Try to use 'File' method instead of URI. Download SP's metadata and upload that in Trust relationship.
- When you do something / some modification in Trust relationship, you need to hit 'Update'; not 'Activate'
- 'SP Requestor': You don't need to configure that for your setup.