Configuring SSO for Shibboleth (using Gluu)

Ensure that you have the following before you start configuring Gluu

• Gluu account with admin privileges

• The Clumio Entity ID and Assertion Consumer Service URL (See this KB article on how to get that information from the Clumio Dashboard)

Configuring Shibboleth as an IdP for Clumio Service

• After logging into Gluu dashboard, click on SAML > Add Trust Relationships:
  
  
• Under Trust Relationship Form, enter the following:

Display Name:Clumio 
Description: Clumio Trust
Entity Type: Single SP
Metadata Location: File
SP Metadata File: Select the Clumio SP metadata XML file

Enable the Configure Relying Party field and click on Configure Relying Party as follows:

• Under Relying Party Configuration, add a profile configuration of SAML2SSO and click on the SAML 2 SSO Profile after adding it:
  
  
  
• Scroll down in the profile to NameID Formats and add SAML1.1:nameid-format:emailAddress field as shown below:
  
  Click on Save. 
  
  
• From the right section, select the following fields to add them in the Trust Relationship:
  Display Name
  Email
  First Name
  Last Name
  Username
  Click on Add:
  
  
  
• Click on SAML > Trust Relationships and confirm the presence of Clumio configuration as shown below:
  
  
  
• Ensure that the Email attribute does have a SAML2 URI configured. For that, go to Configuration > Attributes. Click on Email (and ensure that its Active) as shown below:
  
  
  
• If SAML2 URL is not configured, configure it with the following value:
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Scroll down and click on Update after configuring SAML2 URI:
  
  
  
• Finally, visit SAML > Trust Relationships and confirm that Clumio service Validation Status is Success and the Status is Active as shown below: