The idea is not totally clear. But you may be looking for something like social login, or what we call inbound identity: https://gluu.org/docs/ce/3.1.5/authn-guide/passport/ In your scenario outlined above, I think you're basically saying you want users from gluu1 to be able to access web 2 via their gluu1 authentication server. So the user would navigate to web2, there would be some mechanism to determine the user has an account in gluu1 (what we call "Discovery"), the user would get redirected to gluu1 for login, and then redirected back to web2 with a session. If that's the idea, you will want to follow the guide above. Thanks, Will

Thank you for answer. Sorry, it was second part of my plan. First, I am assuming that; Gluu1 has user1 but Gluu2 has not. Web1 has access to Gluu1 for user1 ( with SSO) Web1 is trying to access to Gluu2. Now, i want that Gluu2 should trust Gluu1 for user1 ( i mean gluu2 accepts gluu1's users) and web1 can access gluu2 for user1. Second part is like the above.

Will is correct. The best way to handle this would be to consider Gluu1 to be an inbound trusted identity provider... i.e. social login. You can use inbound SAML or inbound OpenID Connect. Far better would be to figure out how to run one openid provider, and control access appropriately.