By: Burak Tuncel user 23 Jan 2019 at 12:46 a.m. CST

3 Responses
Hi, is there any way to link different SSO systems? Let me give an example. I have 2 Gluu servers (gluu1 and gluu2) and 2 web clients that use Gluu's SSO integration (web1 and web2). web1->gluu1 (web1 can use gluu1's SSO system), web2->gluu2 (web2 can use gluu2's SSO system). Now, I want to create a relation between web1 and web2. I mean, when web1 has access to gluu1 for a user, web2 can also access gluu1. Is there any configuration on Gluu Server? Is that possible? Thanks.

By William Lowe staff 23 Jan 2019 at 1:45 a.m. CST

The idea is not totally clear. But you may be looking for something like social login, or what we call inbound identity: https://gluu.org/docs/ce/3.1.5/authn-guide/passport/ In your scenario outlined above, I think you're basically saying you want users from gluu1 to be able to access web2 via their gluu1 authentication server. So the user would navigate to web2, there would be some mechanism to determine the user has an account in gluu1 (what we call "Discovery"), the user would get redirected to gluu1 for login, and then redirected back to web2 with a session. If that's the idea, you will want to follow the guide above. Thanks, Will

By Burak Tuncel user 23 Jan 2019 at 2:14 a.m. CST

Thank you for the answer. Sorry, it was the second part of my plan. First, I am assuming that Gluu1 has user1 but Gluu2 does not. Web1 has access to Gluu1 for user1 (with SSO). Web1 is trying to access Gluu2. Now, I want Gluu2 to trust Gluu1 for user1 (I mean gluu2 accepts gluu1's users) and web1 can access gluu2 for user1. The second part is like the above.

By Michael Schwartz staff 27 Jan 2019 at 3:41 a.m. CST

Will is correct. The best way to handle this would be to consider Gluu1 to be an inbound trusted identity provider... i.e. social login. You can use inbound SAML or inbound OpenID Connect. Far better would be to figure out how to run one OpenID provider, and control access appropriately.
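
The inbound OpenID Connect flow described in the replies above (discovery, redirect to gluu1 for login, return with a session), sketched from the side that trusts gluu1. This is an added example, not part of the thread and not Gluu or Passport code. The hostnames, client id, redirect URI and e-mail-domain discovery rule are assumptions, and the ID token signature is assumed to be verified before `acceptCallback` is called.

```javascript
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Constructed values: hostnames, client id and the e-mail-domain rule are
// assumptions for illustration, not Gluu or Passport configuration.
const TRUSTED_IDPS = {
  'gluu1.example': {
    issuer: 'https://gluu1.example',
    authorizationEndpoint: 'https://gluu1.example/authorize',
    clientId: 'gluu2-inbound',
  },
};
const REDIRECT_URI = 'https://gluu2.example/callback';

// "Discovery": pick the user's home IdP, here by e-mail domain (assumption).
function discoverIdp(email) {
  const domain = String(email).split('@').pop().toLowerCase();
  return Object.hasOwn(TRUSTED_IDPS, domain) ? TRUSTED_IDPS[domain] : null;
}

// Build the redirect to the home IdP and bind state/nonce to this session.
function beginLogin(email, session) {
  const idp = discoverIdp(email);
  if (!idp) return null; // not a trusted inbound provider: use local login
  session.state = randomBytes(16).toString('hex');
  session.nonce = randomBytes(16).toString('hex');
  session.issuer = idp.issuer;
  const url = new URL(idp.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', scope: 'openid', client_id: idp.clientId,
    redirect_uri: REDIRECT_URI, state: session.state, nonce: session.nonce,
  }).toString();
  return url.toString();
}

// Constant-time string comparison that tolerates missing values.
function same(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Callback check: state, issuer, audience and nonce must all match what
// this session started. `claims` come from an already-verified ID token.
function acceptCallback(query, claims, session) {
  const idp = Object.values(TRUSTED_IDPS).find((i) => i.issuer === session.issuer);
  if (!idp || !same(query.state, session.state)) return false;
  const audOk = [].concat(claims.aud).includes(idp.clientId);
  return claims.iss === idp.issuer && audOk && same(claims.nonce, session.nonce);
}
```

Only issuers listed in `TRUSTED_IDPS` can ever produce an accepted login, which is the trust relationship the thread calls an inbound trusted identity provider.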