Testing Asimba with Gluu Server 2.4.4
This guide outlines how to test Asimba with Gluu Server 2.4.4. The authentication flow for this test is as follows: [https://sp.gluu.org] --> [https://upgrade.gluu.org] --> [https://test.gluu.org] --> [https://upgrade.gluu.org] --> [https://sp.gluu.org]
|https://sp.gluu.org|This is a Shibboleth SP connected to https://upgrade.gluu.org|
|https://upgrade.gluu.org|This is a Gluu Server 2.4.4 SAML IdP with Asimba|
|https://test.gluu.org|This is a second Gluu Server 2.4.4 SAML IdP connected to https://upgrade.gluu.org|
Note: Ideally, all SPs and IdPs should be connected to the Asimba server. In this case we are following that rule as well.
Follow the steps below to set up https://sp.gluu.org.
shibboleth2.xml to include the metadata and metadata link for the Asimba Server, in this case https://upgrade.gluu.org
Two code snippets are given below
<MetadataProvider type="XML" validate="true" file="/etc/shibboleth/asimba_metadata.xml"/>
Note: The deployer needs to download the Asimba server's metadata to the SP and provide the absolute path in
- Install Gluu Server 2.4.4 with Asimba following the Deployment Guide and select 'Asimba' during installation.
https://upgrade.gluu.org, as self IdP, and
https://test.gluu.org, as remote IdP, inside Asimba server as authentication servers. N.B.: In the screenshot given below,
https://upgrade.gluu.org/idp/shibboleth is added as one of the authentication servers. Follow this template to add
Note: The certificates below can be found in the /etc/certs/ folder in the Gluu Server CE environment
openssl x509 -outform der -in shibIDP.crt -out shibIDP.der
Import the above DER into the
keytool -importcert -file shibIDP.der -keystore asimbaIDP.jks -alias <entityID_of_ID>
Restart Tomcat Service
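The conversion and import steps above make asimbaIDP.jks trust whatever certificate is in shibIDP.crt, so it is worth checking that file first. The script below is an added example, not part of the original guide: it assumes bash with openssl and keytool on the PATH, and the function names, the expected-fingerprint argument (obtained out of band from the IdP operator) and the KS_PASS environment variable are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): check an IdP certificate before it is trusted.

# Print the SHA-256 fingerprint of a certificate as upper-case hex without colons.
# $1 = certificate file, $2 = its encoding (pem or der)
cert_fp() {
  openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 |
    sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Convert PEM to DER only when the certificate matches a fingerprint obtained out of
# band from the IdP operator and stays valid for at least min_days more days.
# $1 = PEM in, $2 = DER out, $3 = expected SHA-256 fingerprint, $4 = min_days (default 30)
# Returns 0 on success, 3 on fingerprint mismatch, 4 on near expiry, 5 on a bad conversion.
convert_trusted_cert() {
  ctc_want=$(printf '%s' "$3" | sed 's/://g' | tr 'a-f' 'A-F')
  ctc_got=$(cert_fp "$1" pem)
  if [ -z "$ctc_got" ] || [ "$ctc_got" != "$ctc_want" ]; then
    echo "fingerprint mismatch for $1: got '$ctc_got'" >&2
    return 3
  fi
  if ! openssl x509 -in "$1" -noout -checkend $(( ${4:-30} * 86400 )) >/dev/null; then
    echo "certificate in $1 expires within ${4:-30} days" >&2
    return 4
  fi
  openssl x509 -outform der -in "$1" -out "$2" || return 5
  [ "$(cert_fp "$2" der)" = "$ctc_want" ] || { rm -f "$2"; return 5; }
}

# Import the DER file under the IdP's entityID, then confirm that the keystore entry
# carries the same fingerprint. The keystore password is read from the KS_PASS
# environment variable (an assumption of this example) so it stays off the command line.
# $1 = DER file, $2 = keystore (asimbaIDP.jks in the guide), $3 = alias (IdP entityID)
import_and_confirm() {
  iac_fp=$(cert_fp "$1" der | sed -e 's/../&:/g' -e 's/:$//')
  keytool -importcert -noprompt -file "$1" -keystore "$2" -alias "$3" \
    -storepass:env KS_PASS || return 1
  keytool -list -v -keystore "$2" -alias "$3" -storepass:env KS_PASS |
    grep -q "$iac_fp"
}
```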
Navigate to SP Requestors from the left hand menu
Click on Add SP Requestor
Download the SP Metadata from https://sp.gluu.org and provide the absolute path link in the Metadata File location
Update and Restart Tomcat Server
In this Gluu Server, add the Asimba Server, https://upgrade.gluu.org, as a trusted party through a Trust Relationship.
Click on Add Trust Relationship
Set up the Trust Relationship as given below in the screenshot
Configure Relying Party