SSO Redirection

By: Gerhard De Mohr user 22 Oct 2018 at noon CDT

4 Responses
Gerhard De Mohr gravatar
Hey Team I have managed to get the trusted SP activated with validation success. When we login to egnyte.com and redirection to Gluu for SSO then our test user is displayed with the admin consol and logged in as admin which is not what we expected and very weird unless I configured the user incorrectly We are expecting the test user to be redirected to the Egnyte.com folder shares after login via Gluu. How do I redirect the authenticated test user from Gluu to the Egnyte folder shares after login and also how do I get the user to no see the admin console in Gluu ? Your assistance will be appreciated. Everything is standard as per the installation only things that changed was adding a user and adding the Tr SP other than that nothing else added at all. Looking forward to your reply. Gerhard
Ubuntu 16.04
closed

Answers

By Aliaksandr Samuseu staff 22 Oct 2018 at 1:25 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Gerhard. I assume you imply usage of SAML protocol in your setup, please correct me otherwise. You may need to contact your SP tech support (or consult its documentation) to figure out what options do you have, Gluu Server has little control over how SP does its part of job. Usually SAML response is returned to SP by POSTing it to pre-defined ACS, and from there it's up to SP what to do. The most known way to achieve something like this is by utilizing [RelayState parameter](https://stackoverflow.com/questions/34350160/what-is-exactly-relaystate-parameter-used-in-sso-ex-saml). But its support and usage is implementaion-dependend, so you'll need to research your case a bit more. In its simplest form `RelayState` passed in urq query string of SAML request contains url of a resource user needs to be redirected to after authentication. Then IDP should mirror it in its response to SP, and SP is expected to send user there. Unfortunately, Community support doesn't cover SP configuration, so you'll have to find the answer yourself. Feel free to share it here afterwards, for others to learn up.

By Gerhard De Mohr user 22 Oct 2018 at 1:59 p.m. CDT

Copy
Gerhard De Mohr gravatar
Hi thanks for the quick reply. I made changes and now I keep on getting this no matter what I add. What is it and why do I keep on getting it what am I doing wrong ? Web Login Service - Stale Request You may be seeing this page because you used the Back button while browsing a secure web site or application. Alternatively, you may have mistakenly bookmarked the web login form instead of the actual web site you wanted to bookmark or used a link created by somebody else who made the same mistake. Left unchecked, this can cause errors on some browsers or result in you returning to the web site you tried to leave, so this page is presented instead. gerhard

By Gerhard De Mohr user 22 Oct 2018 at 2:01 p.m. CDT

Copy
Gerhard De Mohr gravatar
changed the login url at the SP to https://glu.server.abc/idp/profile/SAML2/Redirect/SSO

By Aliaksandr Samuseu staff 24 Oct 2018 at 11:36 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
>Web Login Service - Stale Request This usually is caused by time sync issues, or the fact you re-use an old url with SAML request in it (by refreshing a page), instead of re-initiating the flow from the start.

Post an answer