Learn how to use open source software to deploy an enterprise-grade identity system.
Sync backend identities, leverage external IDPs, and achieve SSO, 2FA and more with the Gluu Server. Read the docs.
Deliver a mission critical single sign-on (SSO) and two-factor authentication (2FA) service for applications and APIs.
Offer secure single sign-on (SSO) across OpenID Connect, SAML and CAS web & mobile applications.
Support a variety of 2FA mechanisms and business logic to enforce strong security everywhere.
Secure APIs and centrally manage who can access which resources across your digital kingdom.
Provision and de-provision users in the Gluu Server with standard identity management APIs.
Bridge existing Active Directory and LDAP identity systems to give apps secure access to user data.
Linux packages for Ubuntu, CentOS, RHEL, and Debian make installing Gluu fast & easy on any cloud platform.
Cluster Gluu across data centers and geographic regions to achieve high performance & high availability (HA).
Avoid vendor lock-in and promote interoperability across systems.
# Below are snippets from an authentication script used by the Gluu Server to enforce two-factor authentication (2FA) using Duo Security.
import duo_web
import json
# Excerpt from the body of the script's authentication handler. The enclosing
# method header and the setup of `identity`, `authenticationService` and
# `requestParameters` are not part of this excerpt, and indentation is not
# preserved here, so the nesting of the statements below is not shown.
#
# Step 1: check username/password, then decide how many login steps apply.
if (step == 1):
print "Duo. Authenticate for step 1"
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
# Default to "not logged in"; an empty username or password never reaches
# authenticate() and is rejected by the `not logged_in` check below.
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
# userService is obtained here but not used anywhere in this excerpt.
userService = CdiUtil.bean(UserService)
logged_in = authenticationService.authenticate(user_name, user_password)
if (not logged_in):
return False
user = authenticationService.getAuthenticatedUser()
# Optional group gate: members of self.duo_group get a two-step login, everyone
# else gets a one-step (password-only) login.
# NOTE(review): a user who is not matched as a member completes login without
# the Duo step, so the accuracy of isUserMemberOfGroup() and of the directory
# attribute it reads decides who is exempt from 2FA. The Duo group lookup uses
# self.audit_attribute, the same attribute as the audit-group lookup - confirm
# that is intended.
if (self.use_duo_group):
print "Duo. Authenticate for step 1. Checking if user belong to Duo group"
is_member_duo_group = self.isUserMemberOfGroup(user, self.audit_attribute, self.duo_group)
if (is_member_duo_group):
print "Duo. Authenticate for step 1. User '" + user.getUserId() + "' member of Duo group"
duo_count_login_steps = 2
else:
# Non-members skip step 2, so the audit notification is triggered here instead.
self.processAuditGroup(user)
duo_count_login_steps = 1
# Stored under the same key that getCountAuthenticationSteps() reads back.
identity.setWorkingParameter("duo_count_login_steps", duo_count_login_steps)
return True
# Step 2: the user must already be authenticated from step 1, and the request
# must carry a "sig_response" parameter.
elif (step == 2):
print "Duo. Authenticate for step 2"
user = authenticationService.getAuthenticatedUser()
if user == None:
print "Duo. Authenticate for step 2. Failed to determine user name"
return False
user_name = user.getUserId()
# sig_response comes from the request parameters, i.e. it is client-supplied.
sig_response_array = requestParameters.get("sig_response")
if ArrayHelper.isEmpty(sig_response_array):
print "Duo. Authenticate for step 2. sig_response is empty"
return False
# Only the first value of the parameter is used.
# NOTE(review): the excerpt ends here, before the value is checked. Presumably
# the full script verifies it (duo_web provides verify_response) and compares
# the username it returns with user_name before reporting success - confirm;
# step 2 must not succeed on the mere presence of the parameter.
duo_sig_response = sig_response_array[0]
# Excerpt from the body of the script's step-preparation handler. The enclosing
# method header and the setup of `identity`, `authenticationService` and
# `duo_host` are not part of this excerpt, and indentation is not preserved.
#
# Step 1 needs no preparation.
if (step == 1):
print "Duo. Prepare for step 1"
return True
# Step 2: build the signed Duo request for the already-authenticated user and
# hand it to the login page through working parameters.
elif (step == 2):
print "Duo. Prepare for step 2"
user = authenticationService.getAuthenticatedUser()
if (user == None):
print "Duo. Prepare for step 2. Failed to determine user name"
return False
user_name = user.getUserId()
# The request is signed with the script's ikey/skey/akey and bound to user_name.
duo_sig_request = duo_web.sign_request(self.ikey, self.skey, self.akey, user_name)
# NOTE(review): the full signed request is written to the script log. It is a
# signed authentication artifact tied to the user; consider logging only that
# it was created, since logs are typically readable by more parties than the
# login session itself.
print "Duo. Prepare for step 2. duo_sig_request: " + duo_sig_request
# duo_host is not defined in this excerpt; presumably it is read from the
# script configuration earlier in the method - confirm.
identity.setWorkingParameter("duo_host", duo_host)
identity.setWorkingParameter("duo_sig_request", duo_sig_request)
return True
# Any other step number is rejected.
else:
return False
def getExtraParametersForStep(self, configurationAttributes, step):
    """Return the extra parameters for ``step``.

    This script defines none, so the result is always ``None`` regardless of
    the configuration or the step number.
    """
    return None
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return how many login steps the current session must complete.

    The value stored under the "duo_count_login_steps" working parameter is
    returned when it is set. When it is not set the method answers 2, so a
    session without a recorded decision still gets the second (Duo) step.
    """
    session_identity = CdiUtil.bean(Identity)
    if not session_identity.isSetWorkingParameter("duo_count_login_steps"):
        # No per-session decision recorded: fall back to the two-step flow.
        return 2
    return session_identity.getWorkingParameter("duo_count_login_steps")
def getPageForStep(self, configurationAttributes, step):
    """Return the page path to render for ``step``.

    Step 2 uses the Duo login page; every other step returns an empty string
    (presumably meaning "use the default page" - confirm against the server).
    """
    return "/auth/duo/duologin.xhtml" if step == 2 else ""
def logout(self, configurationAttributes, requestParameters):
    """Report a successful logout.

    The method performs no work of its own; it always returns ``True``.
    """
    return True
def isUserMemberOfGroup(self, user, attribute, group):
    """Tell whether any value of ``attribute`` on ``user`` matches ``group``.

    A value matches when it equals ``group`` ignoring case, or when it ends
    with ``group`` (case-sensitive). Returns ``False`` when the user has no
    values for the attribute.

    NOTE(review): the suffix test is unanchored, so a value that merely ends
    with the configured string also counts as a match, and it is case-sensitive
    while the equality test is not. Callers in this script use the result to
    decide whether the Duo step is required, so confirm that the configured
    group string cannot be a suffix of an unrelated group value.
    """
    values = user.getAttributeValues(attribute)
    if values is None:
        return False

    # Stops at the first matching value, like an explicit loop with break.
    return any(
        StringHelper.equalsIgnoreCase(group, value) or value.endswith(group)
        for value in values
    )
def processAuditGroup(self, user):
    """E-mail the administrator when a member of the audit group logs in.

    Nothing happens unless ``self.use_audit_group`` is set and ``user`` is a
    member of ``self.audit_group`` according to ``self.audit_attribute``.
    The notification goes to ``self.audit_email`` with the user id in both
    subject and body.
    """
    if not self.use_audit_group:
        return
    if not self.isUserMemberOfGroup(user, self.audit_attribute, self.audit_group):
        return

    print "Duo. Authenticate for processAuditGroup. User '" + user.getUserId() + "' member of audit group"
    print "Duo. Authenticate for processAuditGroup. Sending e-mail about user '" + user.getUserId() + "' login to", self.audit_email

    # Send e-mail to administrator; subject and body carry the same text.
    # NOTE(review): the user id is placed in the subject as-is; presumably the
    # mail service rejects or encodes line breaks in header values - confirm.
    login_id = user.getUserId()
    notice = "User log in: " + login_id
    CdiUtil.bean(MailService).sendMail(self.audit_email, notice, notice)
Script dynamic, run-time logic for many aspects of your IAM service, including authentication, authorization, user consent and more.
Schedule a call to share your requirements and learn how our products and services can help secure your organization.