Single Sign On
The Gluu Server stack includes both a SAML and an OpenID Connect Identity Provider, which can be configured for single sign-on to any SAML 2.0 or OpenID Connect protected application.
B2B or B2C
Organizations frequently have different requirements to authenticate employees and customers. Usability is not quite as important to an employer — use our security or there is the door! For customers, usability is more important — sometimes the best authentication for customers is the one they never even see. Through the use of custom interception scripts, the Gluu Server can support any authentication logic or mechanism you can script.
SAML & CAS to OpenID Connect
The Gluu Server routes all SSO sessions through oxAuth, the software that provides the OpenID Connect Provider (OP) functionality. This means that your Gluu Server can take an incoming SAML or CAS assertion from a third-party IDP, for example ADFS, and use that as the basis for an OIDC session, providing seamless SSO across all your apps regardless of protocol.
For customers who need to support inbound SAML authentication for partners or other organizations, the Asimba SAML proxy can be deployed. Websites can point to a single Asimba IDP and enable SSO to a number of trusted IDPs.
SAML SP & OIDC RP Software
To complete the single sign-on (SSO) transaction, your target application must be secured with either SAML or OpenID Connect. Many commercial applications ship with support for one of the two protocols. In general, there are two ways to secure an application in order to leverage a centralized access management platform like the Gluu Server:
1) Use a Web Server Filter / Reverse Proxy;
2) Leverage the protocol directly in your application.
Which approach to pick depends on the trade-off between easier devops (approach 1) and deeper integration of centralized security policies in your application (approach 2).
If you decide to use the Web Server Filter / Reverse Proxy approach, you can use Shibboleth SAML SP or oxd OpenID Connect RP client software to secure your application. If you prefer to leverage the federation protocol directly in your application, libraries exist for SAML and OpenID Connect in many languages, such as Java and Python.