How to integrate Gluu Server and WSO2 IS using SAML: Federated Authentication.
Day by day, WSO2 Identity Server is becoming a more popular and powerful Identity and Access Management server in the open-source world. It can act as several types of IdP; for example, it can be an OpenID Connect or a SAML2 SSO IdP. We can also use Identity Server to integrate with different applications.
Gluu Server is a free, open-source identity and access management (IAM) platform. The most common use cases for the Gluu Server include single sign-on (SSO), mobile authentication and identity federation. Its specialty is that users do not need a commercial license to run the Gluu Server in production.
In this scenario, imagine that users from a different partner of the organization must access a web application. At the moment there is some information which cannot be exposed to external users for security reasons. If the partner organization has a Gluu Server as an Identity Provider with a SAML trust relationship, we can overcome the difficulty faced by external users: the web application redirects to the Gluu IdP, so partner users authenticate using their own server.

Configure Identity Server as a Trust Relationship in Gluu Server.
Step 1. Log in to the Gluu Server with your user credentials.

Step 2. Then go to SAML -> Trust Relationships -> Add Relationship.

Step 3. Fill in the required information to build the trust relationship, and activate the service.
The following is the SP metadata for Identity Server (the attribute is `entityID`, as defined by the SAML metadata schema):
[sourcecode language="xml"]
<EntityDescriptor entityID="wso2is" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <!-- Where Gluu posts the SAML Response: Identity Server's common authentication endpoint -->
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/commonauth">
    </AssertionConsumerService>
  </SPSSODescriptor>
</EntityDescriptor>
[/sourcecode]
Download this XML, create your own metadata.xml file from it and upload it on the page.

After the connection is successfully activated, it is displayed as below.
IMPORTANT:
When selecting the entity type, it can be a single service provider or federated service providers.
When selecting the metadata location, on this occasion I chose to upload the metadata.xml of Identity Server as the File type. Otherwise we can select the URI, Federation or general type.
Configure Gluu Server as a SAML2 SSO Federated IdP
Step 1. Log in to the Identity and Access Management Server management console.
Step 2. Register a new Federated IdP.
You need to provide a name for the IdP.
You need to upload the public certificate of the Gluu Server. You can find the certificate in the /etc/certs directory. You can visit this post to find the public certificate of the IdP. It is needed for signature validation of the SAML Response and Assertion.

Go to “SAML2 Web SSO Configuration” and register the following details.
Step 1. Enable: you can enable it and set it as the default.
Step 2. Identity Provider Entity Id: this must be the entity ID of the Gluu IdP. In my case there is an attribute entityID=”https://localhost/identity”.
Step 3. Service Provider Entity Id: this is the Identity Server’s entity ID. You can use the value we configured in the metadata.xml file of wso2is, which is “wso2is”.
Step 4. SSO URL: this is the Gluu IdP URL. In my case the SSO URL is ”https://localhost/identity”. We have to select the HTTP-Redirect binding to send the SAML AuthnRequest from Identity Server to the Gluu Server. So we are using the following URL as the SSO URL.
Let’s keep the other configurations at their default values.
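The values entered in the “SAML2 Web SSO Configuration” screen have to agree with the SP metadata uploaded to Gluu, and a typo in either place only shows up later as a failed login. As an added example (this is not code from the original post, nor from WSO2 or Gluu), the Python script below parses the SP metadata shown earlier and checks the federated-IdP values against it: the Service Provider Entity Id must equal the metadata `entityID`, the IdP and SP entity IDs must differ, an HTTP-POST AssertionConsumerService must exist to receive the Response, the ACS and SSO URLs must be HTTPS, the AuthnRequest binding must be HTTP-Redirect or HTTP-POST, and an IdP certificate must be present so the Response and Assertion signatures can be validated. The `FEDERATED_IDP` dictionary and its key names are constructed for this example and are not a WSO2 API; the certificate value is a placeholder.

```python
"""Consistency check between SP metadata and a federated-IdP configuration.

Added example, not code from the original post or from WSO2/Gluu. The metadata
text is the SP metadata shown earlier in the post; the FEDERATED_IDP dictionary
mirrors the values typed into the "SAML2 Web SSO Configuration" screen
(constructed for this example; the key names are not a WSO2 API).
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# SP metadata for Identity Server, as given in the post (reindented).
SP_METADATA = """\
<EntityDescriptor entityID="wso2is" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/commonauth"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

# Values from the post's "SAML2 Web SSO Configuration" steps (constructed dict).
FEDERATED_IDP = {
    "idp_entity_id": "https://localhost/identity",
    "sp_entity_id": "wso2is",
    "sso_url": "https://localhost/identity",
    "request_binding": HTTP_REDIRECT,
    # PEM of the Gluu signing certificate taken from /etc/certs; placeholder here.
    "idp_certificate": "-----BEGIN CERTIFICATE-----\n<placeholder>\n-----END CERTIFICATE-----",
}


def _md(tag):
    """Qualify a tag name with the SAML metadata namespace for ElementTree."""
    return f"{{{MD_NS}}}{tag}"


def parse_sp_metadata(xml_text):
    """Extract the fields an IdP needs from SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != _md("EntityDescriptor"):
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find(_md("SPSSODescriptor"))
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    return {
        "entity_id": root.get("entityID"),
        "protocols": sp.get("protocolSupportEnumeration", "").split(),
        "nameid_formats": [n.text.strip() for n in sp.findall(_md("NameIDFormat"))],
        "acs": [
            {"index": int(a.get("index", "0")),
             "binding": a.get("Binding"),
             "location": a.get("Location")}
            for a in sp.findall(_md("AssertionConsumerService"))
        ],
    }


def check_federation_config(sp, cfg):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    if cfg["sp_entity_id"] != sp["entity_id"]:
        findings.append(
            f"Service Provider Entity Id {cfg['sp_entity_id']!r} does not match "
            f"metadata entityID {sp['entity_id']!r}")
    if cfg["idp_entity_id"] == sp["entity_id"]:
        findings.append("IdP and SP entity IDs must be distinct")
    if SAML2_PROTOCOL not in sp["protocols"]:
        findings.append("SP does not advertise SAML 2.0 protocol support")
    if not any(a["binding"] == HTTP_POST for a in sp["acs"]):
        findings.append("no HTTP-POST AssertionConsumerService for the SAML Response")
    for a in sp["acs"]:
        if urlparse(a["location"]).scheme != "https":
            findings.append(f"ACS {a['location']} is not served over HTTPS")
    if urlparse(cfg["sso_url"]).scheme != "https":
        findings.append(f"SSO URL {cfg['sso_url']} is not served over HTTPS")
    if cfg["request_binding"] not in (HTTP_REDIRECT, HTTP_POST):
        findings.append(f"unsupported AuthnRequest binding {cfg['request_binding']}")
    if not cfg.get("idp_certificate"):
        findings.append("no IdP certificate: Response/Assertion signatures cannot be validated")
    return findings


if __name__ == "__main__":
    sp = parse_sp_metadata(SP_METADATA)
    for line in check_federation_config(sp, FEDERATED_IDP) or ["configuration is consistent"]:
        print(line)
```

Run it after filling in the screen: an empty findings list means the entity IDs and endpoints line up; each finding names the field to correct. The certificate check is deliberately the last line of defence here, since without the Gluu signing certificate Identity Server cannot verify that the Response and Assertion really came from the partner IdP.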

Step 3: Configure the Gluu Server IdP as the Federated IdP for the web application.
In this case I have configured travelocity.com in WSO2 Identity Server as a Service Provider.
For more details refer to https://docs.wso2.com/display/IS530/Configuring+Single+Sign-On

By configuring the service provider with federated authentication, the Gluu IdP becomes the authenticator for the web application. When a user tries to access the web application, the user is redirected to the Gluu Server IdP login page via Identity Server. In this case, only users who can be authenticated by the Gluu Server IdP can log in to the web application.
Step 4: Now log in to the travelocity application. You will be directed to the Gluu Server login page to provide credentials to access the travelocity application.

Finally, I must thank Lahiru Manohara, who helped me with the initial configuration of the Gluu Server using Docker. You can visit this link to configure your Docker-based Gluu Server and have a new experience with Gluu on Docker. And visit the official Gluu installation site from this link for further information.
