How we got started
Gluu was founded in 2009 by Mike Schwartz. After selling his ISP to Verio in 1998, Mike advised many large companies on identity and access management, directory services, and application security.
In late 2008, Mike had a hunch that Web single sign-on was too complex, too proprietary and too expensive for many organizations. He felt that a utility approach to SSO using open source software could provide an alternative to expensive enterprise solutions. The Gluu Server was envisioned as an integrated identity platform, based on free open source software, to make application security available to significantly greater number of organizations.
Early days: alpha and beta
The first version of the Gluu Server was based on Sun OpenSSO and OpenDS. Mike presented the idea at an OpenSSO community group at the European Identity Conference in Munich in May 2009. The first version worked a little, but there was no easy way to manage it. The next version of the Gluu Server had a better UI, but it didn’t actually do anything to configure OpenSSO.
In October of 2009, Mike met with members of the InCommon Steering Committee. At that meeting, Mike expressed concern that OpenSSO might be end-of-life. Oracle had recently purchased Sun Microsystems, and before ForgeRock was formed, it seemed possible that Oracle would simply migrate OpenSSO customers to Oracle Access Manager. Mike was convinced by the steering committee that the Shibboleth IDP was a reasonable alternative, and arguably had even more features for SAML, including fine grain access release policies, and a better approach for multi-party federation. As the InCommon federation’s efforts to evangelize SAML federation would support Gluu’s message, switching had marketing advantages, and would reduce the event risk around OpenSSO.
Shortly thereafter, a new project from scratch was launched for Gluu Server with the goal of using templates to simplify the management of the Shibboleth IDP.
Gluu Server Finally Ships!
The first live demo of the Gluu Server was at an InCommon event in Atlanta, GA in early November 2010. At that demo, Hakeem Fahm, then IT director at the University of the District of Columbia, was impressed and decided that the Gluu Server was exactly what his campus needed to join InCommon. Delivering the first Gluu Server into production took three months. The order was placed before Thanksgiving, and it was finally delivered in early February 2011. Mike helped write some of the python scripts (few, if any of which are still in use), and establish the operating procedures for delivery of the Gluu Server. In 2011, a few more campuses also adopted the Gluu Server.
Enter OAuth 2.0
OAuth 2.0 had been on Gluu’s roadmap since inception, but work started due to a consulting project Gluu had undertaken for IDCubed. This is why the OX software is MIT license–IDCubed insisted on it. The project accelerated the launch of the Gluu Server’s OAuth 2.0 features, first with OpenID Connect in late 2011. Then, in late 2012, Gluu followed by introducing support for the User Managed Access Protocol, which Mike felt provided an OAuth 2.0 based solution for access management that was superior to Computer Associates’ proprietary Siteminder access management framework.
Linux Distribution Packages
At OSCON 2014, Gluu introduced easier to install Linux packages for the Gluu Server. The goal of these distributions was to simplify deployment of the Gluu Server so that more companies could use the software. Up until this point, all deployments of the Gluu Server were performed by Gluu’s staff!
Gluu Server v3
For the next two plus years Gluu worked to smooth out the deployment process, add features, and grow its business. By the beginning of 2017, we were finally ready to release the Gluu Server version 3. In v3 we made some big changes to make the platform more modern, faster, and easier to manage. In version 3 we upgraded to Shibboleth v3, we replaced OpenDJ with OpenLDAP as the default persistence mechanism in the Gluu Server, and added support for the Passport.js project to enable easy implementation of social login.
Gluu has both a social and a business mission. These missions need not be at odds. In fact they are symbiotic. The business vision of Gluu is quite simple: offer a utility platform that enables organizations to control access to valuable online resources. Our social mission is to make the Internet a safer place for people and businesses by writing great open source software.
In addition to making all of our IAM software open source, Gluu is a trusted member of the education community and provides discounted support to educational institutions to help further access to educational resources for people everywhere.