Press Releases


Back to Resources

Gluu Server 2.3 release includes support for FIDO U2F authentication and conformance with all OpenID Connect 1.0 profiles


The FIDO U2F standard enables convenient cryptographic authentication for tokens and mobile applications, providing a usable, secure, and inexpensive alternative to passwords.

News Highlights

  • The Gluu Server supports enrollment and authentication for any FIDO U2F 1.0 compliant client. Watch Gluu CEO Mike Schwartz display how to use FIDO U2F in the Gluu Server.
  • Compliance with all OpenID Connect conformance profiles as defined by the OpenID Connect Foundation’s certification program.

Austin, TX — June 22, 2015 — Gluu, Inc., a leading provider of open source identity and access management software, today announced that the Gluu Server 2.3 is now publicly available for download and includes out of the box support for the FIDO U2F 1.0 authentication standard. With the latest version of the Gluu Server, organizations can implement single sign-on (SSO) to any SAML or OpenID Connect protected application, to centralize the business logic for smart, adaptive, and context aware authentication.

FIDO U2F is an emerging open authentication standards initiative with strong support from more than 200 organizations in the FIDO Alliance. Now using the Gluu Server, companies can enable people to enroll a FIDO U2F token in addition (or as an alternative) to passwords. FIDO U2F was developed to thwart phishing and man-in-the-middle attacks. In addition to traditional usernames and passwords, U2F hardware authenticators, such as YubiKeys, generate public key-based signatures as a strong second factor to authenticate users.

“We are excited to announce that the Gluu Server is one of the first free open source identity and access management suites to support FIDO U2F compliant authentication devices,” said Gluu CEO Michael Schwartz. “The vast majority of security incidents are the result of bad person identification. Passwords have historically been the cheapest credentials to support, but new standards like FIDO U2F are making it easier and more scalable for organizations to enforce strong authentication for access to a large number of applications. Now any organization can authenticate using some of the same advanced technology as industry leaders like Google.”

The Gluu Server now supports the most promising standards for digital authentication and authorization, including OpenID Connect, FIDO U2F, SAML, UMA, and even LDAP, making it one of the most useful access management suites available.  

Full release notes for the Gluu Server 2.3 can be viewed here. Watch Gluu CEO Mike Schwartz display how to use FIDO U2F in the Gluu Server.

Find out more about the Gluu Server:

About Gluu:
Gluu publishes free open source Internet security software that universities, government agencies and companies can use to enable Web and mobile applications to securely identify a person, and manage what information they are allowed to access. Using a Gluu Server, organizations can centralize their authentication and authorization service and leverage standards such as OpenID Connect, UMA, and SAML 2.0 to enable federated single sign-on (SSO) and trust elevation.

Get News and Product Updates