We’re in the process of merging our OAuth 2.0 and SAML 2.0 products and are rewriting documentation. However, you can find the current documentation on the Gluu wiki, http://docs.gluu.org
For On Demand Private, where the client provides the VMs, the client is responsible for providing the IaaS service, which includes power, network, storage, compute, console access and backup (which needs to be local to the VM).
For On Demand Public, where Gluu provides the VMs, we are responsible for all of the above.
Gluu also provides the firewall, OS, and all system administration on the servers. Note: you have root access, but if you change files that are under configuration management, they will be reverted to the checked-in version. You can run additional services on the server, for example intrusion detection or additional monitoring agents.
Upgrades to the Gluu platform are scheduled. Upgrades to the Shibboleth IDP are pushed automatically.
Gluu monitors the servers 24/7. This is accomplished by each server updating an LDAP entry on Gluu’s monitoring system. We are able to set thresholds on various metrics, including availability, CPU, and disk space.
If we detect a customer outage, we open a case, notify the customer, and proactively try to resolve the problem. We also collect these metrics, on which you can generate Centreon reports (see features).
Some customers restrict Gluu’s SSH access rights on an as-needed basis. We support two-factor login for SSH authentication using the Duo Unix PAM module.
Yes. There is a one-time $1,200 per server installation fee.
Support is at the organizational level; it is not per appliance. Level 1 support is included in the purchase of all On Demand servers. Level 3 support is included in the purchase of all Gluu EDU servers. Our business model is $500/case, which can be bought in buckets.
Maybe. The appliances can be configured to pull data from Gluu Core. However, additional monitoring features are available if inbound ports are opened to Gluu’s Core infrastructure.
The Gluu Identity Appliance turns a public or private cloud instance into an organizational identity provider (IDP). The primary reason an organization would want to have an IDP is for single sign-on to several websites. Gluu leverages the Shibboleth SAML platform, which was developed by universities and is deployed at hundreds of institutions. The Identity Appliance greatly reduces the complexity of deploying and managing an IDP infrastructure.
Appliances are sold on a subscription basis. You can buy one here.
In the real world authorities issue people credentials like your passport. Online, electronic authorities also issue credentials. Federated identity is a technology that enables websites to figure out which electronic authorities they trust, while at the same time enabling authorities to release only information deemed necessary.
Federated identity management is the unification of different authentication systems, so users can log on to different systems using the same authentication credentials. This is similar to single sign-on (SSO) systems, where users log on to multiple systems with a single user ID and password, and the SSO system manages accessing each application from there.
The local identity model, as the name implies, refers to authentication of a local system only. Federated identity management, on the other hand, allows users to log on to different systems across different domains, like those of various companies, enterprises or suppliers.
A close relative of federated identity management is single sign-on (SSO). In many organizations, users have several applications that they need to log on to, each requiring distinct user IDs and passwords. SSO allows a user to sign on once with a single user ID and password, and still have access to these different systems.
Security Assertion Markup Language (SAML) enables the secure exchange of authentication and authorization information between security domains. The dominant and most accepted industry standard protocol for communicating identities across the Cloud, SAML is deployed in tens of thousands of Cloud Single Sign-On (SSO) connections, and thousands of large enterprises, government agencies and service providers.
OAuth 2.0 defines a framework for securing application access to protected resources through RESTful Application Programming Interfaces (APIs). It is explicitly designed to support a variety of different client types, which access REST APIs. This includes both web enterprise applications calling out to the Cloud as well as employee or customer mobile applications accessing data in the Cloud.
As the newest provisioning specification, the Simple Cloud Identity Management (SCIM) specification defines a simple, RESTful protocol for identity account management operations.
OpenID is a consumer targeted open federated identity standard, allowing individuals Single Sign-On (SSO) to “relying party” sites from an OpenID provider such as their email client or social network. OpenID is one of few federated identity standards to enable SSO without the need for a pre-existing relationship between the identity provider and the relying party, a feature that greatly fosters scalability.
SSO (single sign-on) is a concept where a single username/password is used to access multiple applications. LDAP can be used for SSO by having all applications authenticate against the same LDAP directory.
LDAP is somewhat like a database, but it holds data in a tree format. It is used for storing and retrieving authentication credentials (whether your username/password is correct) and authorization information (what you can access with this username).
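To make the authentication/authorization distinction in the two answers above concrete, here is an added example (not Gluu's code, and not talking to any LDAP server) that models a small directory tree from constructed LDIF, performs a search-then-bind style password check against `{SSHA}` hashes, and then answers an authorization question from group membership. The DNs, the `ou=people`/`ou=groups` layout, the `ssha_hash`, `authenticate`, `groups_for` and `can_access` helpers, and all credentials are assumptions for illustration.

```python
"""Constructed example: an LDAP-style directory tree used both for
authentication (resolve the user's DN, then check the password) and for
authorization (which groups list that DN as a member). All DNs, names and
passwords are made up; nothing here talks to a real LDAP server."""
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

Tree = Dict[str, Dict[str, List[str]]]
PEOPLE_BASE = "ou=people,dc=example,dc=org"   # assumed layout
GROUPS_BASE = "ou=groups,dc=example,dc=org"   # assumed layout

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """LDAP {SSHA} userPassword value: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored: str, password: str) -> bool:
    """Compare a candidate password with a stored {SSHA} value in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)

# Constructed credentials; a fixed salt keeps the sample LDIF reproducible.
ALICE_PASSWORD = "correct-horse-battery"
BOB_PASSWORD = "staple-sample-only"
_SALT = b"samplesalt"

# Constructed LDIF: a people branch (two users) and a groups branch (one group).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
mail: alice@example.org
userPassword: {alice_pw}

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: bob
userPassword: {bob_pw}

dn: cn=wiki-editors,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: wiki-editors
member: uid=alice,ou=people,dc=example,dc=org
""".format(alice_pw=ssha_hash(ALICE_PASSWORD, _SALT),
           bob_pw=ssha_hash(BOB_PASSWORD, _SALT))

def parse_ldif(text: str) -> Tree:
    """Parse minimal LDIF (no '::' base64 values, no wrapped lines) into
    {dn: {attribute: [values]}}; repeated attributes such as member accumulate."""
    tree: Tree = {}
    for block in text.strip().split("\n\n"):
        dn = None
        entry: Dict[str, List[str]] = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            if attr == "dn":
                dn = value
            else:
                entry.setdefault(attr, []).append(value)
        if dn is None:
            raise ValueError("LDIF entry without a dn line")
        tree[dn] = entry
    return tree

def search(tree: Tree, base: str, attr: str, value: str) -> List[str]:
    """DNs in the subtree under `base` whose `attr` holds `value`."""
    return [dn for dn, entry in tree.items()
            if dn.endswith(base) and value in entry.get(attr, [])]

def authenticate(tree: Tree, username: str, password: str) -> Optional[str]:
    """Search-then-bind: map the login name to exactly one DN, then verify the
    password. Returns the DN on success, None for an unknown or ambiguous
    user or a wrong password."""
    matches = search(tree, PEOPLE_BASE, "uid", username)
    if len(matches) != 1:
        return None
    dn = matches[0]
    stored = tree[dn].get("userPassword", [""])[0]
    return dn if verify_ssha(stored, password) else None

def groups_for(tree: Tree, dn: str) -> List[str]:
    """Authorization lookup: cn of every group that lists `dn` as a member."""
    return [tree[g]["cn"][0] for g in search(tree, GROUPS_BASE, "member", dn)]

def can_access(tree: Tree, username: str, password: str, group: str) -> bool:
    """One SSO-style decision: valid credentials AND membership in `group`."""
    dn = authenticate(tree, username, password)
    return dn is not None and group in groups_for(tree, dn)

DIRECTORY = parse_ldif(SAMPLE_LDIF)
```

Against a real directory the search and bind steps are LDAP operations performed by the server and the stored hash never leaves it; the in-memory version keeps the shape of the flow (resolve the DN, verify the credential, then read group membership) so that the "is the password right" and "what may this user reach" questions stay separate, as the answer above describes.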
Attributes required for the federation service, that is, those needed for the functionality of partner websites, may exist in more than one data source (for example, LDAP, Active Directory, RDBMS). Gluu uses the Radiant Logic Virtual Directory Server (VDS) to map user data wherever it exists. Standardizing the flow of identity information from disparate backend systems is one of the technologies that enables Gluu to automate the provisioning of SAML trust relationships.
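The virtual-directory mapping described above, as an added example that is not the Radiant Logic VDS or Gluu's configuration: one user's attributes are gathered from three constructed backends (an LDAP directory, Active Directory and an HR database row), renamed to the federation's canonical attribute names, merged with a per-attribute precedence when sources disagree, and checked against the list a partner site requires. The source names, the HR column names, the precedence rules and all records are assumptions for illustration.

```python
"""Constructed example of what a virtual directory does for a federation:
collect one user's attributes from several backends, rename each source's
attribute names to canonical federation names, resolve conflicts by a
per-attribute precedence, and report which required attributes are still
missing. Source names, HR column names and all records are made up."""
from typing import Dict, List

# Per-source rename table: backend attribute -> canonical federation attribute.
SOURCE_MAPPINGS = {
    "ldap": {"uid": "uid", "mail": "mail", "cn": "displayName"},
    "ad": {"sAMAccountName": "uid", "userPrincipalName": "eduPersonPrincipalName",
           "mail": "mail", "displayName": "displayName"},
    "hr_db": {"employee_login": "uid", "job_title": "title", "dept": "ou"},
}

# Which source wins when several supply the same canonical attribute;
# sources not listed for an attribute fall back to DEFAULT_PRECEDENCE order.
PRECEDENCE = {"mail": ["ad", "ldap"], "displayName": ["hr_db", "ad", "ldap"]}
DEFAULT_PRECEDENCE = ["ldap", "ad", "hr_db"]

# Attributes a partner site needs before a trust relationship is useful (assumed).
REQUIRED = ["uid", "mail", "eduPersonPrincipalName"]

# Constructed backend contents. The AD login differs only in case, and bob
# exists in LDAP alone, without a mail attribute.
BACKENDS = {
    "ldap": [
        {"uid": "alice", "mail": "alice@example.org", "cn": "Alice Liddell"},
        {"uid": "bob", "cn": "Bob Builder"},
    ],
    "ad": [
        {"sAMAccountName": "ALICE", "userPrincipalName": "alice@corp.example.org",
         "mail": "alice.liddell@example.org", "displayName": "Alice Liddell"},
    ],
    "hr_db": [
        {"employee_login": "alice", "job_title": "Librarian", "dept": "Library"},
    ],
}

def normalize(source: str, record: Dict[str, str]) -> Dict[str, str]:
    """Rename one backend record to canonical names, drop attributes the
    federation does not release, and lower-case the join key (uid)."""
    mapping = SOURCE_MAPPINGS[source]
    out: Dict[str, str] = {}
    for attr, value in record.items():
        canon = mapping.get(attr)
        if canon is not None:
            out[canon] = value.lower() if canon == "uid" else value
    return out

def records_for(uid: str) -> Dict[str, Dict[str, str]]:
    """The normalized record for `uid` from every backend that has one."""
    found: Dict[str, Dict[str, str]] = {}
    for source, rows in BACKENDS.items():
        for row in rows:
            norm = normalize(source, row)
            if norm.get("uid") == uid.lower():
                found[source] = norm
    return found

def merge(uid: str) -> Dict[str, str]:
    """Build the single attribute set the federation sees for `uid`."""
    per_source = records_for(uid)
    merged: Dict[str, str] = {}
    attrs = set().union(*(r.keys() for r in per_source.values()))
    for attr in sorted(attrs):
        preferred = PRECEDENCE.get(attr, [])
        order = preferred + [s for s in DEFAULT_PRECEDENCE if s not in preferred]
        for source in order:
            if attr in per_source.get(source, {}):
                merged[attr] = per_source[source][attr]
                break
    return merged

def missing_required(uid: str) -> List[str]:
    """Required attributes that no backend could supply for `uid`."""
    merged = merge(uid)
    return [a for a in REQUIRED if a not in merged]
```

The precedence table is where most of the operational risk sits: if two backends disagree on `mail`, the federation releases whichever one wins here, so the order should be deliberate and reviewed rather than whatever the first connector returned. The `missing_required` report is the check to run before provisioning a trust relationship, since a partner that needs `eduPersonPrincipalName` cannot be served for users who only exist in the LDAP source.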
Yes. Groups are assigned an i-number, and members of the groups are mapped to their Gluu normalized DN.
Shibboleth is the open source SAML software used by Gluu. Shibboleth has thousands of deployments worldwide, and is the standard federation software used in the higher education community.
The word “Shibboleth” is an interesting, but sort of violent, metaphor for a security gatekeeper. The Gileadites in Biblical times had a straightforward trust model: if you couldn’t correctly pronounce “shibboleth” you would be killed on the spot; otherwise you could continue on your way and cross the Jordan River.