High Performance APIs for Application Security
Single Sign-On
The Gluu Server can be configured to achieve single sign-on to any SAML 2.0 or OpenID Connect protected application.
Access Management
Using UMA, a profile of OAuth 2.0, your organization can secure API's and centralize authorization policies for applications.
Multi-Factor Authentication
Configure multi-factor and multi-step authentication to applications, and call external API’s such as intrusion detection.
Directory Integration
Bridge your existing identity infrastructure and your applications, and leverage user information across Active Directory or any LDAP V3 server.
User Management
Add, edit and manage people, groups and user attributes and claims to ensure the proper information is released about the right people.
Enrollment
Customize workflows relating to the enrollment and registration process people face when registering new accounts at new applications.
from org.xdi.model.custom.script.type.session import ApplicationSessionType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
import java
class ApplicationSession(ApplicationSessionType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Application session. Initialization"
print "Application session. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Application session. Destroy"
print "Application session. Destroyed successfully"
return True
def getApiVersion(self):
return 1
# Application calls it at end session request to allow notify 3rd part systems
# httpRequest is javax.servlet.http.HttpServletRequest
# authorizationGrant is org.xdi.oxauth.model.common.AuthorizationGrant
# configurationAttributes is java.util.Map
def endSession(self, httpRequest, authorizationGrant, configurationAttributes):
print "Application session. Starting external session end"
print "Application session. External session ended successfully"
return True
from org.jboss.seam.security import Identity
from org.xdi.model.custom.script.type.auth import PersonAuthenticationType
from org.xdi.oxauth.service import UserService
from org.xdi.util import StringHelper
import java
class PersonAuthentication(PersonAuthenticationType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Basic. Initialization"
print "Basic. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Basic. Destroy"
print "Basic. Destroyed successfully"
return True
def getApiVersion(self):
return 1
def isValidAuthenticationMethod(self, usageType, configurationAttributes):
return True
def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
return None
def authenticate(self, configurationAttributes, requestParameters, step):
if (step == 1):
print "Basic. Authenticate for step 1"
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
return True
else:
return False
def prepareForStep(self, configurationAttributes, requestParameters, step):
if (step == 1):
print "Basic. Prepare for Step 1"
return True
else:
return False
def getExtraParametersForStep(self, configurationAttributes, step):
return None
def getCountAuthenticationSteps(self, configurationAttributes):
return 1
def getPageForStep(self, configurationAttributes, step):
return ""
def logout(self, configurationAttributes, requestParameters):
return True
from org.xdi.model.custom.script.type.uma import AuthorizationPolicyType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
from org.xdi.oxauth.service.uma.authorization import AuthorizationContext
import java
class AuthorizationPolicy(AuthorizationPolicyType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "UMA authorization policy. Initialization"
print "UMA authorization policy. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "UMA authorization policy. Destroy"
print "UMA authorization policy. Destroyed successfully"
return True
def getApiVersion(self):
return 1
# Process policy rule
# authorizationContext is org.xdi.oxauth.service.uma.authorization.AuthorizationContext
# configurationAttributes is java.util.Map
def authorize(self, authorizationContext, configurationAttributes):
print "UMA Authorization policy. Attempting to authorize client"
client_id = authorizationContext.getGrant().getClientId()
print "UMA Authorization policy. Client: ", client_id
if (StringHelper.equalsIgnoreCase("@!1111!0008!FDC0.0FF5", client_id)):
print "UMA Authorization policy. Authorizing client"
return True
else:
print "UMA Authorization policy. Client isn't authorized"
return False
print "UMA Authorization policy. Authorizing client"
return True
from org.xdi.model.custom.script.type.user import CacheRefreshType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
from org.gluu.oxtrust.model import GluuCustomAttribute
import java
class CacheRefresh(CacheRefreshType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Cache refresh. Initialization"
print "Cache refresh. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Cache refresh. Destroy"
print "Cache refresh. Destroyed successfully"
return True
# Update user entry before persist it
# user is org.gluu.oxtrust.model.GluuCustomPerson
# configurationAttributes is java.util.Map
def updateUser(self, user, configurationAttributes):
print "Cache refresh. UpdateUser method"
attributes = user.getCustomAttributes()
# Add new attribute preferredLanguage
attrPrefferedLanguage = GluuCustomAttribute("preferredLanguage", "en-us")
attributes.add(attrPrefferedLanguage)
# Add new attribute userPassword
attrUserPassword = GluuCustomAttribute("userPassword", "test")
attributes.add(attrUserPassword)
# Update givenName attribute
for attribute in attributes:
attrName = attribute.getName()
if (("givenname" == StringHelper.toLowerCase(attrName)) and StringHelper.isNotEmpty(attribute.getValue())):
attribute.setValue(StringHelper.removeMultipleSpaces(attribute.getValue()) + " (updated)")
return True
def getApiVersion(self):
return 1
from org.xdi.model.custom.script.type.client import ClientRegistrationType
from org.xdi.util import StringHelper, ArrayHelper
from org.xdi.oxauth.service import ScopeService
from java.util import Arrays, ArrayList
import java
class ClientRegistration(ClientRegistrationType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Client registration. Initialization"
self.scopeService = ScopeService.instance()
print "Client registration. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Client registration. Destroy"
print "Client registration. Destroyed successfully"
return True
# Update client entry before persistent it
# registerRequest is org.xdi.oxauth.client.RegisterRequest
# client is org.xdi.oxauth.model.registration.Client
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def updateClient(self, registerRequest, client, configurationAttributes):
print "Client registration. UpdateClient method"
redirectUris = client.getRedirectUris()
print "Client registration. Redirect Uris:", redirectUris
addAddressScope = False
for redirectUri in redirectUris:
if (StringHelper.equalsIgnoreCase(redirectUri, "https://client.example.com/example1")):
addAddressScope = True
break
print "Client registration. Is add address scope:", addAddressScope
if (addAddressScope):
currentScopes = client.getScopes()
print "Client registration. Current scopes:", currentScopes
addressScope = self.scopeService.getScopeByDisplayName("address")
newScopes = ArrayHelper.addItemToStringArray(currentScopes, addressScope.getDn())
print "Client registration. Result scopes:", newScopes
client.setScopes(newScopes)
return True
def getApiVersion(self):
return 1
from org.xdi.model.custom.script.type.id import IdGeneratorType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
import java
class IdGenerator(IdGeneratorType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Id generator. Initialization"
print "Id generator. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Id generator. Destroy"
print "Id generator. Destroyed successfully"
return True
def getApiVersion(self):
return 1
# Id generator init method
# appId is application Id
# idType is Id Type
# idPrefix is Id Prefix
# user is org.gluu.oxtrust.model.GluuCustomPerson
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def generateId(self, appId, idType, idPrefix, configurationAttributes):
print "Id generator. Generate Id"
print "Id generator. Generate Id. AppId: '", appId, "', IdType: '", idType, "', IdPrefix: '", idPrefix, "'"
# Return None or empty string to trigger default Id generation method
return None
from org.xdi.model.custom.script.type.user import UpdateUserType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
import java
class UpdateUser(UpdateUserType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Update user. Initialization"
print "Update user. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Update user. Destroy"
print "Update user. Destroyed successfully"
return True
# Update user entry before persistent it
# user is org.gluu.oxtrust.model.GluuCustomPerson
# persisted is boolean value to specify if operation type: add/modify
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def updateUser(self, user, persisted, configurationAttributes):
print "Update user. UpdateUser method"
uid = user.getUid()
print "Update user. User Uid:", uid
mail = uid + "@example.org"
user.setMail(mail)
return True
def getApiVersion(self):
return 1
from org.xdi.model.custom.script.type.user import UserRegistrationType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
import java
class UserRegistration(UserRegistrationType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "User registration. Initialization"
print "User registration. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "User registration. Destroy"
print "User registration. Destroyed successfully"
return True
# User registration init method
# user is org.gluu.oxtrust.model.GluuCustomPerson
# requestParameters is java.util.Map<String, String[]>
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def initRegistration(self, user, requestParameters, configurationAttributes):
print "User registration. Init method"
return True
# User registration pre method
# user is org.gluu.oxtrust.model.GluuCustomPerson
# requestParameters is java.util.Map<String, String[]>
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def preRegistration(self, user, requestParameters, configurationAttributes):
print "User registration. Pre method"
return True
# User registration post method
# user is org.gluu.oxtrust.model.GluuCustomPerson
# requestParameters is java.util.Map<String, String[]>
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def postRegistration(self, user, requestParameters, configurationAttributes):
print "User registration. Post method"
return True
def getApiVersion(self):
return 1
from org.xdi.model.custom.script.type.scope import DynamicScopeType
from org.xdi.util import StringHelper, ArrayHelper
from java.util import Arrays, ArrayList
import java
class DynamicScope(DynamicScopeType):
def __init__(self, currentTimeMillis):
self.currentTimeMillis = currentTimeMillis
def init(self, configurationAttributes):
print "Dynamic scope. Initialization"
print "Dynamic scope. Initialized successfully"
return True
def destroy(self, configurationAttributes):
print "Dynamic scope. Destroy"
print "Dynamic scope. Destroyed successfully"
return True
# Update Json Web token before signing/encrypting it
# dynamicScopeContext is org.xdi.oxauth.service.external.context.DynamicScopeExternalContext
# configurationAttributes is java.util.Map<String, SimpleCustomProperty>
def update(self, dynamicScopeContext, configurationAttributes):
print "Dynamic scope. Update method"
dynamicScopes = dynamicScopeContext.getDynamicScopes()
user = dynamicScopeContext.getUser()
jsonToken = dynamicScopeContext.getJsonToken()
claims = jsonToken.getClaims()
# Iterate through list of dynamic scopes in order to add custom scopes if needed
print "Dynamic scope. Dynamic scopes:", dynamicScopes
for dynamicScope in dynamicScopes:
# Add organization name if there is scope = org_name
if (StringHelper.equalsIgnoreCase(dynamicScope, "org_name")):
claims.setClaim("org_name", "Gluu, Inc.")
continue
# Add work phone if there is scope = work_phone
if (StringHelper.equalsIgnoreCase(dynamicScope, "work_phone")):
workPhone = user.getAttribute("telephoneNumber");
if (StringHelper.isNotEmpty(workPhone)):
claims.setClaim("work_phone", workPhone)
continue
return True
def getApiVersion(self):
return 1
Completely customize your identity and access management service.
Every organization has unique requirements for authentication, authorization, and identity management. Using Jython interception scripts, the Gluu Server can be customized to facilitate dynamic enforcement of any policy-driven business logic.
100% open source software and open web standards.
The Gluu Server is an identity and access management suite comprised of free open source software (FOSS) components, and supports the following open web standards: OpenID Connect, SAML, UMA, SCIM, FIDO U2F, and even LDAP.
Deploy a single Gluu Server or a cluster of servers to achieve high availability.
By enabling LDAP replication and file system replication, the Gluu Server Community Edition (CE) can be clustered to meet your organization's requirements for redundancy and fail over.
Find A Support Plan That's Right For You
The Gluu Server is free to use, and we even offer community support. But for organizations that need private support, security reviews, and SLAs, we offer a range of cost effective support plans.
Enterprise
$75,000/year
Support highlights:
- Advanced notification of security issues and fixes
- One (1) hour SLA on production outages
- Up to eight (8) Named Contacts to Gluu private support
- Up to ten (10) hours of ad hoc calls per quarter
Premium
$35,000/year
Support highlights:
- Advanced notification of security issues and fixes
- Two (2) hour SLA on production outages
- Up to six (6) Named Contacts to Gluu private support
- Up to six (6) hours of ad hoc calls per quarter
Basic
$6,000/year
Support highlights:
- Advanced notification of security issues and fixes
- Twelve (12) hour SLA on production outages
- Up to four (4) Named Contacts to Gluu private support
- Up to three (3) hours of ad hoc calls per quarter
Schedule a Call
Speak to us today to learn more about how the Gluu Server can help protect your organization.
Let's discuss your needs