Hi, Gary. Let me quote my colleague from another ticket: - Install Gluu Server ( done ) - Decide how you are going to push your user's information into Gluu Server ( SCIM: to push into Gluu Server, Cache Refresh: to pull from backend active directory / LDAP server ) - Decide which apps you are going to integrate with Single Sign On System. - Decide which SSO protocol you are going to use ( OpenID Connect / SAML / CAS ) >I think the easy way would be to start with SSO Integration Guide - Server Side Web Apps - Web Server Filters - mod_auth_openidc RP Integration. Sounds good to me. We have `mod_auth_openidc` article [here](https://gluu.org/docs/ce/3.1.3/integration/sswebapps/openidc-rp/). >Do I need to do some setting in the Gluu Server UI before I start integration? That's, unfortunately, too broad of a question. Gluu offers a lot of options, and your particular case may need only a narrow subset of it. I would suggest to proceed one step at a time for now, adding required pieces when you need them.

Thank you, Alexander. Yes, I will go step by step and then ask you what to do next. Here are answers your questions: > Install Gluu Server ( done ) -- Yes. It is done. > Decide how you are going to push your user's information into Gluu Server ( SCIM: to push into Gluu Server, Cache Refresh: to pull from backend active directory / LDAP server ) -- For now, for testing purposes we are going to add users to Gluu Server manually utilizing Gluu Server LDAP how mentioned in the Local User Mangement document here: https://gluu.org/docs/ce/user-management/local-user-management/ >Decide which apps you are going to integrate with Single Sign On System. -- We are going to integrate our 2 web applications; one server side application (webservice); 5 3rd party applications installed in separate machines but in the same VPC (Dataiku, Tableau, RapidMiner, H2O, RStudio). I was not able to find any documentation in your documentation section regarding these tools integration. Please point me to the right document. All mentioned 3rd party tools installed in AWS in separate machines (EC2 instances). Should i use Single Sign-On (SSO) to Amazon AWS document, which is here https://gluu.org/docs/ce/integration/saas/aws/ ? > Decide which SSO protocol you are going to use ( OpenID Connect / SAML / CAS ) -- We are going to use OpenID Connect, so I will go and review mod_auth_openidc RP Integration document. I think in this case I don't need to do any code changes in our web applications as we will use reversed proxy. Am i right? If not, please point me to the right document, which describes what I have to change in our code in case of web application and server side service. Thanks, Gary

Looks like mod_auth_openidc RP Integration documentation describes the integration of server side application (like webservice on our case). We also need to integrate 2 web applications. We use Polymer framework on front end. Should i use Single Page Apps - Gluu OIDC JS Client documentation for integration? Thanks, Gary

Hi, Gary. >Looks like mod_auth_openidc RP Integration documentation describes the integration of server side application (like webservice on our case). It's a simplified article on a basic setup to start with. If configured correctly, `mod_auth_openidc` will dynamically register its client's entry at Gluu with some default settings, and this should be enough to run a proof-of-concept test. The module can be [further fine-tuned](https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf) to a large extent according to your requirements, including properties it uses for dynamic registrations. 3rd-party software integration tasks beyond a simple setups like that are not usually covered within Community Support. If you think you may need such assistance, please consider signing a support contract with Gluu. We also can introduce you to one of our partners dealing specifically with integration projects (but those are paid services as well, of course) I'll address the rest of your questions shortly in the next post.

>For now, for testing purposes we are going to add users to Gluu Server manually utilizing Gluu Server LDAP how mentioned in the Local User Mangement document here: https://gluu.org/docs/ce/user-management/local-user-management/ Ok, that's fine. >We are going to integrate our 2 web applications; one server side application (webservice); 5 3rd party applications installed in separate machines but in the same VPC (Dataiku, Tableau, RapidMiner, H2O, RStudio). I was not able to find any documentation in your documentation section regarding these tools integration. I don't think we have documentation specifically for those tools, indeed. It's hard to cover all possible 3rd-party software, and usually a new article like this appears as a result of integration project done per a customer's request, unless this particular service looks very promising and somebody on the team has some free time to spend on a test setup. > All mentioned 3rd party tools installed in AWS in separate machines (EC2 instances). Should i use Single Sign-On (SSO) to Amazon AWS document, which is here https://gluu.org/docs/ce/integration/saas/aws/ ? This guide allows your Gluu instance to handle authentication when somebody accesses AWS management web console, I believe. If this will satisfy your needs it's worth a try. >We are going to use OpenID Connect, so I will go and review mod_auth_openidc RP Integration document. I think in this case I don't need to do any code changes in our web applications as we will use reversed proxy. Am i right? If not, please point me to the right document, which describes what I have to change in our code in case of web application and server side service. Apache can handle authorization for you, if that's what you had in mind. After receiving user's personal data from Gluu, you can employ something as simple as this: ``` <Location /secure> AuthType openid-connect Require valid-user </Location> ``` ...or use more sophisticated rules to control which user can access what. This again is a bit beyond scope of Community Support and belongs more to Apache's related forums/mail lists.

Alexander, Thank you for your answers. I am still waiting for answer this question: > We also need to integrate 2 web applications. We use Polymer framework on front end. Should i use Single Page Apps - Gluu OIDC JS Client documentation for integration? Thanks, Gary

Hi, Gary. >We also need to integrate 2 web applications. We use Polymer framework on front end. Should i use Single Page Apps - Gluu OIDC JS Client documentation for integration? I'm not familiar with the framework, but on cursory look it seems to be some kind of set of Javascript libraries which is used to build on-page applications. For such kind of apps JS Client and OIDC implicit flows will be the recommended solution. Please just note that, the same as in previous case, the article describes a simplistic, proof-of-concept setup, not something you can use "as is" in production.

Does Gluu Server support integrating ElasticSearch/Kibana with SSO? I am not able to find any documentation regarding this. Thanks, Gary

I also saw in Gluu Server documentation the fact that Gluu Server supports SSO integration with different SaaS products using reverse proxy. Please let me know where to get more details about it? Thanks, Gary

Also, we are thinking about integrating PostgreSQL with SSO. PostgreSQL documentation does not have information that they support OpenID Connect or SAML. Their documentation says that they support GSSAPI protocol for integration. Does Gluu Server support it? Did you tested SSO integration with PostgreSQL ? Thanks, Gary

>> Does Gluu Server support integrating ElasticSearch/Kibana with SSO? According to [this](https://www.elastic.co/guide/en/x-pack/current/saml-guide.html) doc, it support SAML.. so yes, possible. >> I also saw in Gluu Server documentation the fact that Gluu Server supports SSO integration with different SaaS products using reverse proxy. Can you please point us which doc you are mentioning about?

Hi Gary, We're happy to answer focused and tightly scoped community support questions. But this ticket is a bit too broad for community support. It seems like you need more consultative support than technical support at this time. Our [VIP support plans](https://gluu.org/pricing) include a quarterly allotment of consultative and support calls. Those hours could be pretty helpful for getting your project direction straightened out. Thanks for your understanding. Will

Thank you for your answers. One additional question before we decide to subscribe for VIP support plan: We are planning to integrate with PostgreSQL (pgAdmin). PostgreSQL documentation does not say that it supports OpenID Connect or SAML2 for SSO integration. PostgreSQL supports GSSAPI protocol. Need some more direction from Gluu Server support to clarify the way of integrating with PostgreSQL. Thank you in advance. Gary

Gary, I think it would be helpful to discuss your specific requirements. Can you [schedule a call with us](https://gluu.org/booking) ? Thanks, Will