Open Source Authentication & API Access Management

Mission Critical Authentication
and Authorization

The Gluu Server Overview

The Gluu Server for SSO, 2FA & WAM

Although it’s free to use open source security software, it still costs money for organizations to design, build and operate a mission critical authentication and authorization service.

The Gluu Server subscription can help you lower these costs. It is an on-premise, dedicated server solution that leverages our Puppet central configuration management infrastructure to more easily deploy, monitor, and operate a combination of open source identity and access management software. With a Gluu Server, your organization can support popular open web standards for single sign-on like SAML 2.0 and OpenID Connect, older TCP/IP authentication protocols such as RADIUS and LDAP, any commercial or home-grown strong authentication solution, and UMA for web access management. The subscription even includes support, monitoring and reporting, so if your authentication service goes down we can proactively try to resolve the issue.

Open Source

At Gluu, we strongly believe that open source software is simply the best software available. This is especially true with regard to security software: the more eyes on the code, the more quickly problems are identified and remediated.

Since we started Gluu, our philosophy has been to use the best available open source software when its available, and to write our own open source software to fill in the cracks where it isn’t. For example, Shibboleth was already the world’s leading SAML implementation, and FreeRadius had been around for more than a decade.

We started the OX project to address two gaps: (1) “oxTrust” provides a web based management GUI to make it easier for organizations (even Gluu!) to manage security; (2) “oxAuth” provides an implementation of an OAuth2 provider that implements OpenID Connect and UMA, two new open standards that we believe will transform the Internet, making it a safer place for businesses and consumers.


Gluu is a service provider. We are like a traditional Internet Service Provider, but one that specializes in identity and access management. We categorize our services as follows:

Design – Gluu can be engaged for short, tactical design consulting projects. For long term design projects, we can help make a referral to an integrator in your geographic region with expertise in your industry.

Build – Deploying a robust authentication, authorization (AA) service is not easy. Gluu’s Puppet recipe is the fastest way to deploy and configure the open source software included in the Gluu Server Stack. 

Operate – The launch of your organization’s new central AA service is the first step in a long journey. Gluu’s turnkey managed service provides the support, monitoring, and reporting to deliver a consistent security service year after year. 

Transfer – Gluu can help transfer our operate and build know-how to your organization’s internal workforce through training and certifications.

The Secret Sauce…


Gluu uses a proprietary Puppet recipe to build and operate Gluu Servers at scale. Puppet allows us to remotely manage Gluu Servers in a consistent way. We wrote the Gluu recipe to cost effectively deliver a “standardized” enterprise class authentication system for security conscious organizations worldwide. You’d be hard pressed to build and operate a more robust identity and access management service for your organization, with as many features as the Gluu Server, in less time, for less money. Its a utility approach to computing, on the network of your choice.