Gluu
![[X] Close](http://www.gluu.org/wp-content/themes/gluursn/images/close_butn.png)
Thank You
We will be get back to you right away!
Official Contact Form
FAQ’s
- Where is documentation for the Gluu Identity Appliance?
- Who maintains the server itself for firewalling, patches, O/S upgrades, backup/restore, etc?
- Do you manage the software versions, i.e. upgrades, patches?
- Who monitors the operation of the stack including log monitoring?
- How is troubleshooting handled?
- What kind of access does Gluu staff have to the data on private VM’s?
- Is there a set up or installation fee?
- How is support handled?
- Will I need to open up any ports on my firewall?
- What is the Gluu Identity Appliance?
- What is federated identity?
- What is federated identity management?
- How do local identity, SSO and federated identity management models differ?
- What is SAML?
- What is OAuth 2.0?
- What is SCIM?
- What is OpenID?
- What is OpenID Connect?
- What is SSO and can LDAP be used for SSO?
- What is LDAP?
- We have an LDAP server, why is Idenity Virtualization needed?
- Will we be able to utilize our internal groups?
- What is “Shibboleth” and what is the origin of the word?
Where is documentation for the Gluu Identity Appliance?
We’re in the process of merging our OAuth 2.0 and SAML 2.0 products and are rewriting documentation. However, you can find the current documentation on the Gluu wiki, http://docs.gluu.org
Who maintains the server itself for firewalling, patches, O/S upgrades, backup/restore, etc
For On Demand Private, where the client provides the VM’s, the client is responsible for providing the IAAS service, which includes power, network, storage, compute, console access and backup (which needs to be local to the VM).
For On Demand Public, where Gluu provides the VM’s, we are responsible for all of the above.
Gluu also provides firewall, OS, and all system administration on the servers. Note: you have root access. But if you change files under configuration management, they will be reverted to the checked in version. You can run additional services on the server, for example intrusion detection or additional monitoring agents.
Do you manage the software versions, i.e. upgrades, patches?
Upgrades to the Gluu platform are scheduled. Upgrades to the Shibboleth IDP are pushed automatically.
Who monitors the operation of the stack including log monitoring?
Gluu monitors the servers 24/7. This is accomplished by the server updating an LDAP entry on Gluu’s monitoring system. We are able to set thresholds on various metrics, including availablity, CPU, and disk space.
How is troubleshooting handled?
If we detect a customer outage, we open a case, notify the cusotmer, and pro-actively try to resolve the problem. We also collect these metrics, on which you can generate Centreon reports (see features).
What kind of access does Gluu staff have to the data on private VM’s?
Some customers restrict Gluu’s SSH access rights on an as needed basis. We support two-factor login for SSH authentication using the DUO unix PAM module.
Is there a set up or installation fee?
Yes. There is a one-time $1,200 per server installation fee.
How is support handled?
Support is at the organizational level, its not per appliance. Level 1 support is included in the purchase of all On Demand servers. Level 3 support is included in the purchase of all Gluu EDU servers. Our business model is $500/case, which can be bought in buckets.
Will I need to open up any ports on my firewall?
Maybe. The appliances can be configured to pull data from Gluu Core. Additional monitoring features are available however if inbound ports are opened to Gluu’s Core infrastructure.
What is the Gluu Identity Appliance?
The Gluu Identity Appliance turns a public or private cloud instance into an organizational identity provider (IDP). The primary reason an organization would want to have an IDP is for single sign-on to several websites. Gluu leverages the Shibboleth SAML platform, which was developed by universities and is deployed at hundreds of institutions. The Identity Appliance greatly reduces the complexity of deploying and managing an IDP infrastructure.
Appliances are sold on a subscription basis. You can buy one here.
What is federated identity?
In the real world authorities issue people credentials like your passport. Online, electronic authorities also issue credentials. Federated identity is a technology that enables websites to figure out which electronic authorities they trust, while at the same time enabling authorities to release only information deemed necessary.
What is federated identity management?
Federated identity management is the unification of different authentication systems, so users can log on to different systems using the same authentication credentials. This is similar to single sign-on (SSO) systems, where users log on to multiple systems with a single user ID and password, and the SSO system manages accessing each application from there.
How do local identity, SSO and federated identity management models differ?
The local identity model, as the name implies, refers to authentication of a local system only. Federated identity management, on the other hand, allows users to log on to different systems across different domains, like those of various companies, enterprises or suppliers.
A close relative of federated identity management is single sign-on (SSO). In many organizations, users have several applications that they need to log on to, each requiring distinct user IDs and passwords. SSO allows a user to sign on once with a single user ID and password, and still have access to these different systems.
What is SAML?
Security Assertion Markup Language (SAML) enables the secure exchange of authentication and authorization information between security domains. The dominant and most accepted industry standard protocol for communicating identities across the Cloud, SAML is deployed in tens of thousands of Cloud Single Sign-On (SSO) connections, and thousands of large enterprises, government agencies and service providers.
What is OAuth 2.0?
OAuth 2.0 defines a framework for securing application access to protected resources through RESTful Application Programming Interfaces (APIs). It is explicitly designed to support a variety of different client types, which access REST APIs. This includes both web enterprise applications calling out to the Cloud as well as employee or customer mobile applications accessing data in the Cloud.
What is SCIM?
As the newest provisioning specification, the Simple Cloud Identity Management (SCIM) specification defines a simple, RESTful protocol for identity account management operations.
What is OpenID?
OpenID is a consumer targeted open federated identity standard, allowing individuals Single Sign-On (SSO) to “relying party” sites from an OpenID provider such as their email client or social network. OpenID is one of few federated identity standards to enable SSO without the need for a pre-existing relationship between the identity provider and the relying party, a feature that greatly fosters scalability.
What is OpenID Connect?
OpenID Connect is a suite of lightweight specifications that provide a framework for identity interactions via RESTful APIs. The simplest deployment of OpenID Connect allows browser-based, mobile, and javascript clients, to request and receive information about identities and currently authenticated sessions.
What is SSO and can LDAP be used for SSO?
SSO (Single SignOn ) is a concept where a single username/password is used to access multiple applications. LDAP can be used for SSO by having all applications use the same LDAP to authenticate.
What is LDAP?
LDAP is kind of like a database but holds data in tree format. It is used for storing and retrieving of Authentication credentials (whether your username/password is correct) and Authorization information (what can you access with this username).
We have an LDAP server, why is Idenity Virtualization needed?
Attributes required for the federation service-that are needed for the functionality of partner websites-may exist in more than one data source (for example, LDAP, Active Directory, RDBMS). Gluu’s uses the Radiant Logic Virtual Directory Server (VDS) to map user data wherever it exists. Standardizing the flow of identity information from disparate backend systems is one of the technologies that enables Gluu to automate the provisioning of SAML trust relationships.
Will we be able to utilize our internal groups?
Yes. Groups are assigned an i-number, and members of the groups are mapped to their Gluu normalized DN.
What is “Shibboleth” and what is the origin of the word?
Shibboleth is the open source SAML software used by Gluu. Shibboleth has thousands of deployments worldwide, and is the standard federation software used in the higher education community.
The word “Shibboleth” is an interesting, but sort of violent, metaphor for a security gatekeeper. The Gileadites in Biblical times had a straightforward trust model: if you couldnt correctly pronounce “shibboleth” you would be killed on the spot, otherwise you could continue on your way and cross the Jordan River.