Configuring SSO for Shibboleth (using Gluu)

Prerequisites

Ensure that you have the following before you start configuring Gluu

  • Gluu account with admin privileges
  • The Clumio Entity ID and Assertion Consumer Service URL refer to this knowledge base article for instructions on how to get that information from the Clumio Dashboard.

Configuring Shibboleth as an IdP for Clumio Service

  1. After logging into Gluu dashboard, click on SAML > Add Trust Relationships:

1.png

  1. Under Trust Relationship Form, enter the following:
Display Name:Clumio   
Description: Clumio Trust  
Entity Type: Single SP  
Metadata Location: File  
SP Metadata File: Select the Clumio SP metadata XML file  

  1. Enable the Configure Relying Party field and click Configure Relying Party as follows

2.png

  1. Under Relying Party Configuration, add a profile configuration of SAML2SSO and click the SAML 2 SSO Profile after adding it:

3.png

  1. Scroll down in the profile to NameID Formats and add SAML1.1:nameid-format:emailAddress field as shown below.

4.png

  1. Click Save.
  2. From the right section, select the following fields to add them in the Trust Relationship:
    • Display Name
    • Email
    • First Name
    • Last Name
    • Username
      Click Add.

5.png

  1. Click SAML > Trust Relationshipsand confirm the presence of Clumio configuration as shown below:

6.png

  1. Ensure that the Email attribute has a SAML2 URI configured. Go to Configuration > Attributes. Click Email and ensure that it's Active as shown below:

7.png

  1. If SAML2 URL is not configured, configure it with the following value:
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Scroll down and click Update after configuring SAML2 URI:

8.png

  1. Finally, visit SAML > Trust Relationships and confirm that the Clumio service Validation Status is Success and the Status_ is _Active as shown below:

9.png