Open Source Access Management

About Gluu

Gluu was founded in 2009 with the goal of providing an easier way to build and manage an on-premise authentication, authorization, and federation service.

When we started Gluu, we felt access management tools were too expensive for many organizations. There are millions of domains on the Internet. Access management software like Siteminder had a small impact because only the Fortune 500 could afford it. Open source software was part of the solution. The other part was to provide a cost effective mechanism to enable organizations to support the open source software, so they could build and operate a mission critical IT service.

As a bootstrapped startup with limited budget, we had to be tactical about our investments. Rather than write our own software when there was already good open source software available, we wrote a Puppet recipe to standardize deployment and configuration of a stack of open source identity and access management software, and focused on building a dedicated support team that could provide ongoing operational assistance. The Puppet recipe initially included three softwares: third-party projects Shibboleth and OpenLDAP; and our internally developed web application for centralized management, oxTrust.

In 2010, we were approached by an MIT affiliated organization to build an advanced identity system that supported OAuth 2.0. This led us to OpenID Connect, an emerging profile of OAuth2 which has since launched with support from leading Internet identity providers. As we looked for an open source solution for OpenID Connect that could function similar to Shibboleth for SAML, we found nothing available that could meet our needs. We decided to write the code for an OpenID Connect Provider, oxAuth, and include it as the fourth component in the Gluu Server Stack.

Since then, development of oxAuth has continued to include support for UMA, a new profile of OAuth2 that can be used for web and API access management. And, the Puppet recipe that delivers the Gluu Server Stack now supports additional third-party open source components, such as Asimba and Jagger, to satisfy unique business requirements like inbound SAML single sign-on and multi-party federation management.

At Gluu, we strongly believe that open source software is simply the best software available. The Gluu Server is a reflection of that. When it comes to mission critical infrastructure systems, especially with regard to security software, the more eyes on the code, the more quickly problems are identified and remediated.

Our Vision

Gluu has both a social and a business mission. These missions need not be at odds. In fact they are symbiotic. The business vision of Gluu is quite simple: offer a utility service to help organizations control access to valuable online resources. Our social mission is to make the Internet a safer place for people and businesses by writing great open source software.

Giving Back

In addition to making all of our IAM software open source, Gluu is a trusted member of the education community and provides discounted products and services to non-profit educational institutions to help further access to educational resources for people everywhere.