The Gluu Server is a free open source identity and access management (IAM) platform. Most of the software included in the Gluu Server is written in Java. The most common use case for the Gluu Server is Single Sign-On (SSO). Other common use cases include mobile authentication, API access management, two-factor authentication, customer identity and access management (CIAM), and identity federation.
Note: You do not need a commercial license (or a support plan) to use the Gluu Server in production. Gluu makes money by providing VIP support to organization’s that need guaranteed support responses and priority access to Gluu’s support and development team.
100% Open Source & Open Standards
The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Gluu projects are frequently prefixed with our open source handle: ox (e.g. oxAuth, oxTrust).
During installation you have the option to install multiple components. Each fulfills a different requirement. The only required components are oxAuth, oxTrust, and Gluu LDAP. An overview of each follows:
- oxAuth is Gluu’s inter-op leading OpenID Connect Provider (OP) and industry leading UMA Authorization Server (AS).
- oxTrust is the server administration application. In oxTrust, the server admin can manage and configure SAML & OpenID Connect single sign-on, and script policies to enforce custom authentication workflows and control access to web resources like folders and API’s.
- Passport.js provides a crowd-sourced approach to offering your users social login at popular consumer IDPs.
- Shibboleth is one of the most dependable open source SAML single sign-on servers available and is in production at more than 5,000 organization’s worldwide.
- Asimba SAML Proxy enables you to consolidate inbound SAML authentication from the IDPs of partners and customers to your website or app.
- Gluu LDAP is our compiled and supported version of OpenLDAP that provides persistence for the Gluu Server.
Note: All software included in the Gluu Server is free open source software, with no restrictions about use in production systems. See licenses here.
The Bottom Line
SaaS, custom, open source and commercial software can be made more secure by leveraging a central authentication and authorization service. Because there are so many different kinds of apps, there is no way to “top down” implement proprietary security mechanisms. This is why open standards are so important for IAM.
The Gluu Server is like a router for authentication and authorization. It speaks multiple dialects of SSO, and can help an organization manage both inbound and outbound authentication and authorization requirements. The Gluu Server is flexible enough to enforce any policy you can script and can be scaled to meet the needs of organizations of all sizes.