Gluu Blog


How Gluu Failed.

Michael Schwartz January 29, 2014


While watching an InCommon mailing list discussion around Duo and other forms of strong authentication, it became apparent that we’ve completely failed at educating universities on what the Gluu Server is and how it works.


Implementations of Duo are providing the first real-world experiences with large-scale mobile authentication technology. In Gluu’s opinion, Duo is a fantastic mobile 2FA service. We demo it every day to customers. We rely on it internally to secure our Unix servers via SSH. However, not surprisingly, Duo did not provide the all-in-one credential management nirvana for which many on the list hoped. And it brought attention to many of the challenges institutions will face when outsourcing credential management to a SaaS provider.

Here is just a sample of some of the list’s feedback:

  1. Post-enrollment: management of devices.
  2. Credential reset for each authn mechanism.
  3. Delegated Admin.
  4. SAML SSO Admin console.
  5. Better AD integration.


Furthermore, some things that were not mentioned but should certainly be considered include trust elevation, adaptive authentication, and special procedures for logout (don’t forget to kill the CAS session…).

The thing is… what was being described is the Gluu Server!

Despite our best efforts to get the word out about what the Gluu Server does, obviously we failed.

The reality we are facing is a tsunami of new authentication mechanisms: mobile, biometric, cognitive, and contextual. The situation and the device you have in your hand determine which authentication technology has the best trade-off of price, security, and usability. And, as I’ve blogged recently, account reset is the Achilles’ heel of 2FA. You are only as strong as your weakest reset mechanism.

If you are interested in this topic we highly recommend that you join this webinar on Friday, January 31st, or schedule a call with Mike. During the call, you will learn how the Gluu Server supports and provides management interfaces for Duo and other great 2FA technologies via “oxTrust”, our admin console that enables centralized management of authentication and authorization logic for your organization.


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.