Modern Authentication for Digital Enterprise

Since 2009, organizations around the world have trusted Gluu for large-scale, high-security identity & access management.

[Diagram: Gluu platform components. Labels: Web Apps; Native Apps; External IDPs (SAML, OpenID, Social); Centralized Gluu platform configuration; Social login or inbound SAML; SSO with SAML websites; LDAP or Couchbase; Self-Service portal for MFA; Core federated identity service; 2FA Service; Active Directory or LDAP Server; IDM Platform]


Deliver a mission-critical single sign-on (SSO) and two-factor authentication (2FA) service for applications and APIs.

  • Single Sign-On

    Offer secure single sign-on (SSO) across OpenID Connect, SAML and CAS web & mobile applications.

  • Two-Factor Authentication

    Support a variety of 2FA mechanisms and business logic to enforce strong security everywhere.

  • Access Management

    Secure APIs and centrally manage who can access which resources across your digital kingdom.

  • Identity Management APIs

    Provision and de-provision users in the Gluu Server with standard identity management APIs.

  • Directory Integration

    Bridge existing Active Directory and LDAP identity systems to give apps secure access to user data.

  • Fast Deployment

    Linux packages for Ubuntu, CentOS, RHEL, and Debian make installing Gluu fast & easy on any cloud platform.


Built to scale

Cluster Gluu across data centers and geographic regions to achieve high performance & high availability (HA).

100% Open web standards

Avoid vendor lock-in and promote interoperability across systems.


Example Duo 2FA Script

# Below are snippets from an authentication script used by the Gluu Server to enforce two-factor authentication (2FA) using Duo Security.

import duo_web
import json

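        # Snippet from authenticate(): step 1 checks the username and password,
        # step 2 reads the signed Duo response from the request.
        if (step == 1):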
            print "Duo. Authenticate for step 1"

            credentials = identity.getCredentials()
            user_name = credentials.getUsername()
            user_password = credentials.getPassword()

            logged_in = False
            if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
                userService = CdiUtil.bean(UserService)
                logged_in = authenticationService.authenticate(user_name, user_password)

            if (not logged_in):
                return False

            user = authenticationService.getAuthenticatedUser()
            if (self.use_duo_group):
                print "Duo. Authenticate for step 1. Checking if user belong to Duo group"
                is_member_duo_group = self.isUserMemberOfGroup(user, self.audit_attribute, self.duo_group)
                if (is_member_duo_group):
                    print "Duo. Authenticate for step 1. User '" + user.getUserId() + "' member of Duo group"
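                    # Members of the Duo group must complete the second (Duo) step
                    duo_count_login_steps = 2
                else:
                    # Everyone else finishes after the password step
                    duo_count_login_steps = 1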

                identity.setWorkingParameter("duo_count_login_steps", duo_count_login_steps)

            return True
        elif (step == 2):
            print "Duo. Authenticate for step 2"
            user = authenticationService.getAuthenticatedUser()
            if user == None:
                print "Duo. Authenticate for step 2. Failed to determine user name"
                return False

            user_name = user.getUserId()

            sig_response_array = requestParameters.get("sig_response")
            if ArrayHelper.isEmpty(sig_response_array):
                print "Duo. Authenticate for step 2. sig_response is empty"
                return False

            duo_sig_response = sig_response_array[0]

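        # Snippet from prepareForStep(): step 2 signs the Duo request that the
        # login page submits to Duo.
        if (step == 1):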
            print "Duo. Prepare for step 1"

            return True
        elif (step == 2):
            print "Duo. Prepare for step 2"

            user = authenticationService.getAuthenticatedUser()
            if (user == None):
                print "Duo. Prepare for step 2. Failed to determine user name"
                return False
            user_name = user.getUserId()

            duo_sig_request = duo_web.sign_request(self.ikey, self.skey, self.akey, user_name)
            print "Duo. Prepare for step 2. duo_sig_request: " + duo_sig_request
            # duo_host is set in a part of the script not shown in this snippet
            identity.setWorkingParameter("duo_host", duo_host)
            identity.setWorkingParameter("duo_sig_request", duo_sig_request)

            return True
        else:
            return False

    def getExtraParametersForStep(self, configurationAttributes, step):
        return None

    def getCountAuthenticationSteps(self, configurationAttributes):
        identity = CdiUtil.bean(Identity)
        if (identity.isSetWorkingParameter("duo_count_login_steps")):
            return identity.getWorkingParameter("duo_count_login_steps")

        return 2

    def getPageForStep(self, configurationAttributes, step):
        if (step == 2):
            return "/auth/duo/duologin.xhtml"
        return ""

    def logout(self, configurationAttributes, requestParameters):
        return True

    def isUserMemberOfGroup(self, user, attribute, group):
        is_member = False
        member_of_list = user.getAttributeValues(attribute)
        if (member_of_list != None):
            for member_of in member_of_list:
                if StringHelper.equalsIgnoreCase(group, member_of) or member_of.endswith(group):
                    is_member = True

        return is_member

    def processAuditGroup(self, user):
        if (self.use_audit_group):
            is_member = self.isUserMemberOfGroup(user, self.audit_attribute, self.audit_group)
            if (is_member):
                print "Duo. Authenticate for processAuditGroup. User '" + user.getUserId() + "' member of audit group"
                print "Duo. Authenticate for processAuditGroup. Sending e-mail about user '" + user.getUserId() + "' login to", self.audit_email
                # Send e-mail to administrator
                user_id = user.getUserId()
                mailService = CdiUtil.bean(MailService)
                subject = "User log in: " + user_id
                body = "User log in: " + user_id
                mailService.sendMail(self.audit_email, subject, body)    

Fully customizable

Script dynamic, run-time logic for many aspects of your IAM service, including authentication, authorization, user consent and more.

Let’s discuss your project

Share your requirements and a representative will follow up to discuss how Gluu can help secure your organization.
