The Gluu Server is free to use for as long as you want and with an unlimited number of people.

Gluu also offers cost effective support options, and even a turnkey managed service. Learn more on our pricing page.

High Performance APIs for Application Security

Single Sign-On

The Gluu Server can be configured to achieve single sign-on to any SAML 2.0 or OpenID Connect protected application.

Access Management

Using UMA, a profile of OAuth 2.0, your organization can secure API's and centralize authorization policies for applications.

Multi-Factor Authentication

Configure multi-factor and multi-step authentication to applications, and call external API’s such as intrusion detection.

Directory Integration

Bridge your existing identity infrastructure and your applications, and leverage user information across Active Directory or any LDAP V3 server.

User Management

Add, edit and manage people, groups and user attributes and claims to ensure the proper information is released about the right people.

Enrollment

Customize workflows relating to the enrollment and registration process people face when registering new accounts at new applications.

Learn how to use the Gluu Server.



            
from org.xdi.model.custom.script.type.session import ApplicationSessionType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList
import java
class ApplicationSession(ApplicationSessionType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Application session. Initialization" print "Application session. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Application session. Destroy" print "Application session. Destroyed successfully" return True
def getApiVersion(self): return 1
# Application calls it at end session request to allow notify 3rd part systems # httpRequest is javax.servlet.http.HttpServletRequest # authorizationGrant is org.xdi.oxauth.model.common.AuthorizationGrant # configurationAttributes is java.util.Map
def endSession(self, httpRequest, authorizationGrant, configurationAttributes): print "Application session. Starting external session end" print "Application session. External session ended successfully" return True

            
from org.jboss.seam.security import Identity from org.xdi.model.custom.script.type.auth import PersonAuthenticationType from org.xdi.oxauth.service import UserService from org.xdi.util import StringHelper
import java
class PersonAuthentication(PersonAuthenticationType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Basic. Initialization" print "Basic. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Basic. Destroy" print "Basic. Destroyed successfully" return True
def getApiVersion(self): return 1
def isValidAuthenticationMethod(self, usageType, configurationAttributes): return True
def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes): return None
def authenticate(self, configurationAttributes, requestParameters, step):
if (step == 1):
print "Basic. Authenticate for step 1"
credentials = Identity.instance().getCredentials() user_name = credentials.getUsername() user_password = credentials.getPassword()
logged_in = False if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in): return False return True
else:
return False
def prepareForStep(self, configurationAttributes, requestParameters, step):
if (step == 1):
print "Basic. Prepare for Step 1" return True
else: return False
def getExtraParametersForStep(self, configurationAttributes, step): return None
def getCountAuthenticationSteps(self, configurationAttributes): return 1
def getPageForStep(self, configurationAttributes, step): return ""
def logout(self, configurationAttributes, requestParameters): return True

            
from org.xdi.model.custom.script.type.uma import AuthorizationPolicyType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList from org.xdi.oxauth.service.uma.authorization import AuthorizationContext
import java
class AuthorizationPolicy(AuthorizationPolicyType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "UMA authorization policy. Initialization" print "UMA authorization policy. Initialized successfully" return True
def destroy(self, configurationAttributes): print "UMA authorization policy. Destroy" print "UMA authorization policy. Destroyed successfully" return True
def getApiVersion(self): return 1
# Process policy rule # authorizationContext is org.xdi.oxauth.service.uma.authorization.AuthorizationContext # configurationAttributes is java.util.Map
def authorize(self, authorizationContext, configurationAttributes): print "UMA Authorization policy. Attempting to authorize client" client_id = authorizationContext.getGrant().getClientId() print "UMA Authorization policy. Client: ", client_id if (StringHelper.equalsIgnoreCase("@!1111!0008!FDC0.0FF5", client_id)): print "UMA Authorization policy. Authorizing client" return True else: print "UMA Authorization policy. Client isn't authorized" return False print "UMA Authorization policy. Authorizing client" return True

            
from org.xdi.model.custom.script.type.user import CacheRefreshType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList from org.gluu.oxtrust.model import GluuCustomAttribute
import java
class CacheRefresh(CacheRefreshType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Cache refresh. Initialization" print "Cache refresh. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Cache refresh. Destroy" print "Cache refresh. Destroyed successfully" return True
# Update user entry before persist it # user is org.gluu.oxtrust.model.GluuCustomPerson # configurationAttributes is java.util.Map
def updateUser(self, user, configurationAttributes): print "Cache refresh. UpdateUser method" attributes = user.getCustomAttributes() # Add new attribute preferredLanguage attrPrefferedLanguage = GluuCustomAttribute("preferredLanguage", "en-us") attributes.add(attrPrefferedLanguage) # Add new attribute userPassword attrUserPassword = GluuCustomAttribute("userPassword", "test") attributes.add(attrUserPassword) # Update givenName attribute for attribute in attributes: attrName = attribute.getName() if (("givenname" == StringHelper.toLowerCase(attrName)) and StringHelper.isNotEmpty(attribute.getValue())): attribute.setValue(StringHelper.removeMultipleSpaces(attribute.getValue()) + " (updated)") return True
def getApiVersion(self): return 1

            
from org.xdi.model.custom.script.type.client import ClientRegistrationType from org.xdi.util import StringHelper, ArrayHelper from org.xdi.oxauth.service import ScopeService from java.util import Arrays, ArrayList
import java
class ClientRegistration(ClientRegistrationType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Client registration. Initialization" self.scopeService = ScopeService.instance() print "Client registration. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Client registration. Destroy" print "Client registration. Destroyed successfully" return True
# Update client entry before persistent it # registerRequest is org.xdi.oxauth.client.RegisterRequest # client is org.xdi.oxauth.model.registration.Client # configurationAttributes is java.util.Map
def updateClient(self, registerRequest, client, configurationAttributes): print "Client registration. UpdateClient method" redirectUris = client.getRedirectUris() print "Client registration. Redirect Uris:", redirectUris addAddressScope = False for redirectUri in redirectUris: if (StringHelper.equalsIgnoreCase(redirectUri, "https://client.example.com/example1")): addAddressScope = True break print "Client registration. Is add address scope:", addAddressScope if (addAddressScope): currentScopes = client.getScopes() print "Client registration. Current scopes:", currentScopes addressScope = self.scopeService.getScopeByDisplayName("address") newScopes = ArrayHelper.addItemToStringArray(currentScopes, addressScope.getDn()) print "Client registration. Result scopes:", newScopes client.setScopes(newScopes) return True
def getApiVersion(self): return 1

            
from org.xdi.model.custom.script.type.id import IdGeneratorType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList
import java
class IdGenerator(IdGeneratorType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Id generator. Initialization" print "Id generator. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Id generator. Destroy" print "Id generator. Destroyed successfully" return True
def getApiVersion(self): return 1
# Id generator init method # appId is application Id # idType is Id Type # idPrefix is Id Prefix # user is org.gluu.oxtrust.model.GluuCustomPerson # configurationAttributes is java.util.Map def generateId(self, appId, idType, idPrefix, configurationAttributes): print "Id generator. Generate Id" print "Id generator. Generate Id. AppId: '", appId, "', IdType: '", idType, "', IdPrefix: '", idPrefix, "'" # Return None or empty string to trigger default Id generation method return None

            
from org.xdi.model.custom.script.type.user import UpdateUserType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList
import java
class UpdateUser(UpdateUserType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Update user. Initialization" print "Update user. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Update user. Destroy" print "Update user. Destroyed successfully" return True
# Update user entry before persistent it # user is org.gluu.oxtrust.model.GluuCustomPerson # persisted is boolean value to specify if operation type: add/modify # configurationAttributes is java.util.Map
def updateUser(self, user, persisted, configurationAttributes): print "Update user. UpdateUser method" uid = user.getUid() print "Update user. User Uid:", uid mail = uid + "@example.org" user.setMail(mail) return True
def getApiVersion(self): return 1

            
from org.xdi.model.custom.script.type.user import UserRegistrationType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList
import java
class UserRegistration(UserRegistrationType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "User registration. Initialization" print "User registration. Initialized successfully" return True
def destroy(self, configurationAttributes): print "User registration. Destroy" print "User registration. Destroyed successfully" return True
# User registration init method # user is org.gluu.oxtrust.model.GluuCustomPerson # requestParameters is java.util.Map # configurationAttributes is java.util.Map
def initRegistration(self, user, requestParameters, configurationAttributes): print "User registration. Init method" return True
# User registration pre method # user is org.gluu.oxtrust.model.GluuCustomPerson # requestParameters is java.util.Map # configurationAttributes is java.util.Map
def preRegistration(self, user, requestParameters, configurationAttributes): print "User registration. Pre method" return True
# User registration post method # user is org.gluu.oxtrust.model.GluuCustomPerson # requestParameters is java.util.Map # configurationAttributes is java.util.Map
def postRegistration(self, user, requestParameters, configurationAttributes): print "User registration. Post method" return True
def getApiVersion(self): return 1

            
from org.xdi.model.custom.script.type.scope import DynamicScopeType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList
import java
class DynamicScope(DynamicScopeType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes): print "Dynamic scope. Initialization" print "Dynamic scope. Initialized successfully" return True
def destroy(self, configurationAttributes): print "Dynamic scope. Destroy" print "Dynamic scope. Destroyed successfully" return True
# Update Json Web token before signing/encrypting it # dynamicScopeContext is org.xdi.oxauth.service.external.context.DynamicScopeExternalContext # configurationAttributes is java.util.Map
def update(self, dynamicScopeContext, configurationAttributes): print "Dynamic scope. Update method" dynamicScopes = dynamicScopeContext.getDynamicScopes() user = dynamicScopeContext.getUser() jsonToken = dynamicScopeContext.getJsonToken() claims = jsonToken.getClaims() # Iterate through list of dynamic scopes in order to add custom scopes if needed print "Dynamic scope. Dynamic scopes:", dynamicScopes for dynamicScope in dynamicScopes: # Add organization name if there is scope = org_name if (StringHelper.equalsIgnoreCase(dynamicScope, "org_name")): claims.setClaim("org_name", "Gluu, Inc.") continue # Add work phone if there is scope = work_phone if (StringHelper.equalsIgnoreCase(dynamicScope, "work_phone")): workPhone = user.getAttribute("telephoneNumber"); if (StringHelper.isNotEmpty(workPhone)): claims.setClaim("work_phone", workPhone) continue
return True
def getApiVersion(self): return 1

Completely customize your identity and access management service.

Every organization has unique requirements for authentication, authorization, and identity management. Using Jython interception scripts, the Gluu Server can be customized to facilitate dynamic enforcement of any policy-driven business logic.


100% open source software and support for open web standards.

The Gluu Server is an identity and access management suite comprised of free open source software (FOSS) components, and supports the following open web standards: OpenID Connect, SAML, UMA, SCIM, FIDO U2F, and even LDAP.


Deploy a single Gluu Server or a cluster of servers to achieve high availability.

Using apt-get or yum you can quickly deploy a single Gluu Server Community Edition (CE) instance. Leveraging our commercially licensed Enterprise Edition (EE) packages, your organization can deploy multiple replicated Gluu Servers to enable a highly available, geographically distributed access management service.


Find A Support Plan That's Right For You

Large enterprise

Optimize your authentication and authorization infrastructure with Gluu's enterprise-ready package.

Growing business

Support for advanced topics like clustering, as well as design and security reviews and support meetings with Gluu engineers.

Starter Package

Private support, design and security reviews, and support meetings with Gluu engineers.

Schedule a Call

Speak to us today to learn more about how the Gluu Server can help protect your organization.

Let's discuss your needs