How we got here

Driving down the cost of identity & access management (IAM) to help organizations around the world improve security.

How we got started

Gluu was founded in 2009 by Mike Schwartz. After selling his Internet Service Provider (ISP) to Verio in 1998, Mike advised many large companies on identity and access management (IAM), directory services, and application security.

In late 2008, Mike had a hunch that Web single sign-on (SSO) was too complex, too proprietary and too expensive for many organizations. He felt a utility approach to SSO using open source software could offer an alternative to expensive enterprise solutions. The Gluu Server was envisioned as an integrated identity platform, based on free open source software (FOSS), to make application security available to significantly greater number of organizations.

Early days: alpha and beta

The first version of Gluu was based on Sun OpenSSO and OpenDS. Mike presented the idea at an OpenSSO community group at the European Identity Conference (EIC) in Munich in May 2009. The first version worked, but there was no easy way to manage it. The next version of Gluu had a better UI, but it didn’t actually do anything to configure SSO.

In October of 2009, Mike met with members of the InCommon Steering Committee. At that meeting, Mike expressed concern that OpenSSO might be end-of-life. Oracle had recently purchased Sun Microsystems, and before ForgeRock was formed, it seemed possible that Oracle would simply migrate OpenSSO customers to Oracle Access Manager. Mike was convinced by the steering committee that the Shibboleth IDP was a reasonable alternative, and arguably had a more active community and more features, including fine grain access release policies, and a better approach for multi-party federation. As the InCommon federation’s efforts to evangelize SAML federation would support Gluu’s message, switching had marketing advantages, and would reduce the event risk around OpenSSO.

Shortly thereafter, a new project from scratch was launched for the Gluu Server with the goal of using templates to simplify management of the Shibboleth IDP.

Gluu Server Finally Ships!

The first live demo of the Gluu Server was at an InCommon event in Atlanta, GA in early November 2010. At that demo, Hakeem Fahm, then IT director at the University of the District of Columbia, was impressed and decided that the Gluu Server was exactly what his campus needed to join InCommon. Delivering the first Gluu Server into production took three months..! The order was placed before Thanksgiving, and it was finally delivered in early February 2011. Mike helped write some of the python scripts (few, if any of which are still in use), and establish the operating procedures for delivery of the Gluu Server. In 2011, a few more campuses also adopted the Gluu Server.

Enter OAuth 2.0

OAuth 2.0 had been on Gluu’s roadmap since inception, but work started due to a consulting project Gluu had undertaken for IDCubed. This is why the OX software is MIT license–IDCubed insisted on it. The project accelerated the launch of the Gluu Server’s OAuth 2.0 features, first with OpenID Connect in late 2011. Then, in late 2012, Gluu followed by introducing support for the User Managed Access Protocol, which Mike felt provided an OAuth 2.0 based solution for access management that was superior to the proprietary access management frameworks used by legacy IAM vendors like CA and Oracle.

Linux Distribution Packages

At OSCON 2014, Gluu introduced easier to install Linux packages for the Gluu Server. The goal of these distributions was to simplify deployment of the Gluu Server so more organizations could use the software. Up until this point, all deployments of the Gluu Server were performed by Gluu’s staff!

Gluu Server v3

For the next two plus years Gluu worked to smooth out the deployment process, add features, and grow its business. By the beginning of 2017, Gluu was ready to release a more modern, faster, and easier to manage Gluu Server v3 which was upgraded to support Shibboleth v3 and Gluu OpenLDAP. In addition, the Passport.js authentication middleware was added to the stack to support social login and inbound identity.

Our Vision

Gluu has both a social and a business mission. These missions need not be at odds. In fact they are symbiotic. The business vision of Gluu is quite simple: offer an open source utility platform that enables organizations to control access to valuable online resources. Our social mission is to make the Internet a safer place for people and businesses by writing great open source software.

Giving Back

In addition to making our software free open source, Gluu is a trusted member of the education community and provides discounted support to educational institutions to help simplify and secure access to educational resources for people everywhere.

Get News and Product Updates