Latest Entries

  • How to *securely* use SMS two-factor authentication (2FA)


    Any form of two-factor authentication (2FA) is better than just username/password. But sending one-time passcodes (OTP) over text message (SMS) is a notoriously weak form of 2FA. All the way back in 2016 Forbes was publishing horror stories about people getting their Bitcoin stolen due to vulnerabilities with SMS 2FA. Even though there are more … Read more >>

  • Why revenue-based pricing?


    Is an “open source business” an oxymoron? At Gluu, our flagship product–the Gluu Server identity & access management (IAM) platform–is completely free open source software. That’s been our mission for the last decade, and that’s not going to change! We don’t hold back features for paid customers. We don’t have a complicated licensing model that … Read more >>

  • Gluu Business Model Update


    From time to time, we document Gluu’s business model using one of the methods described in the book Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers. Below is my view of the current Gluu Business Model. A few highlights: Gluu is serving a wide range of customers: from small organizations who operate … Read more >>

  • On security, docker applications, risk-based authentication and more…


    In an effort to help the community better understand the Gluu Server’s features and capabilities, from time to time we publish our answers to customer RFIs on the blog (of course stripped of any sensitive and/or organization-specific information). If you have similar or additional questions, feel free to schedule a call with us to … Read more >>

  • Recording & slides available for our OpenID Connect webinar


    Yesterday (June 13, 2017) Gluu's CEO Mike Schwartz hosted a webinar covering what you should look for in a secure OpenID Connect client (or "RP") implementation. In case you missed it, or would like to re-watch or share with your colleagues, the recording and slides are now available online: https://www.gluu.org/openid-connect-client-webinar-recording/ In the webinar Mike discussed a few … Read more >>

  • OneLogin breach exposed the ability to decrypt data


    Today news broke that OneLogin, a software-as-a-service (“SaaS”) identity provider, has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Read the Krebs on Security article discussing the breach. This is a nightmare scenario we’ve been talking about for years at Gluu. In fact, it’s one of … Read more >>

  • User Management Request for Information (RFI)


    In an effort to help others with similar questions, from time to time we publish the RFIs we receive with our corresponding answers (of course stripped of any sensitive and/or organization-specific information). We received the following RFI a few days ago from a colleague at a large organization that is evaluating a user management/SSO … Read more >>
