In an effort to help the community better understand the Gluu Server’s features and capabilities, from time to time we publish our answers to customer RFI’s on the blog (of course stripped of any sensitive and/or organization specific information). If you have similar or additional questions, feel free to schedule a call with us to … Read more >>

Yesterday (June 13, 2017) Gluu's CEO Mike Schwartz hosted a webinar covering what you should look for in a secure OpenID Connect client (or "RP") implementation. In case you missed it, or would like to re-watch or share with your colleagues, the recording and slides are now available online: https://www.gluu.org/openid-connect-client-webinar-recording/ In the webinar Mike discussed a few … Read more >>

Today news broke that OneLogin, a software-as-a-service (“SaaS”) identity provider, has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Read the Krebs on Security article discussing the breach. This is a nightmare scenario we’ve been talking about for years at Gluu. In fact, it’s one of … Read more >>

In an effort to help others with similar questions, from time to time we publish the RFI’s we receive with our corresponding answers (of course stripped of any sensitive and/or organization specific information). We received the following RFI a few days ago from a colleague at a large organization that is evaluating a user management/SSO … Read more >>

The InCommon Technical Advisory Committee recently surveyed the higher education community’s interest in OpenID Connect (“Connect”) and OAuth. The results show strong interest in both technologies. 84% of respondents even thought that Connect and OAuth should be built into Shibboleth! Read the report. It’s great that more institutions are becoming aware of OpenID Connect, but … Read more >>

This tutorial will teach you how to build a simple Django application that sends users to a standard OpenID Connect Provider (OP) for login. The demo app, called user-view, makes use of Gluu’s commercial OAuth 2.0 client software, oxd, to securely and correctly call the OP’s APIs to log the user in, and retrieve the … Read more >>

by Rafael Ferreira Toledo Back in 2014, Nat Sakimura wrote a blog post showcasing the ease of OpenID Connect authentication. He used a JavaScript library written by Edmund Jay. It’s a really nice little library, but it needed some updating. So we decided to move it to Github. This post summarizes how to configure an … Read more >>