Gluu Server Roadmap

An open source, enterprise IAM platform you can depend upon long-term. See the roadmap below to determine which version is right for your project.

Gluu Server 4.0 Roadmap

Latest Stable Release

Highlights

  • APIs for oxTrust (VIP)
  • Support for Couchbase EE for persistence (VIP)
  • Abstracted DB layer
  • Inbound identity enhancements
  • SAML NameID improvements
  • Support for SAML ACRs
  • Support for Gluu RADIUS server

Install Gluu 4.0 Beta

Issues

oxAuth

  • #901 Super Gluu created time needs time zone support
  • #884 Don't return refresh token if client doesn't have refresh_token grant
  • #861 Request objects should have iat and expiration
  • #860 Move all integration pages and scripts into sub-project of oxAuth
  • #859 Improve Live Script Debug
  • #853 CAS logout with oxAuth-session script ( application_session )
  • #848 Move client side test requestAuthorizationForOpenIdScopeAndPairwiseId to server side test
  • #847 Bouncycastle throw ClassCastException after upgrade to 1.59
  • #839 Support for spontaneous scopes
  • #825 Group configuration properties to make it more user-friendly
  • #823 Authenticator should not use "@!" to distinguish use/client credentials.
  • #822 Add a new attribute's type to handle attributes containing JSON data more gracefully in OIDC flows
  • #813 CleanupTimer has to run in own connection pool to not effect oxauth performance
  • #811 Upgrade to Jackson 2.x (from current Jackson 1.x)
  • #810 Add Opentracing support
  • #809 Add support for account switching
  • #804 pre-fix value for access token
  • #800 Userinfo can't be contacted with access_token issued during resource owner creds grant flow if redirect_uri is not specified for the client
  • #795 Allow to set the pairwiseIdType (algorithmic/persistent) on a client basis
  • #789 Add support for id token upon token refresh
  • #784 Add support for Token Revocation
  • #767 Could you add these authorization code request and response sections in a future version of oxauth-rp
  • #756 OAuth Scope Refactoring
  • #751 Update Saml script to allow sign request
  • #750 Add CIBA support to oxAuth
  • #748 UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant)
  • #742 Update Dynamic Registration Management
  • #734 `uniqueIdentifier` removal in replicated server / clustered Gluu Server
  • #720 Add support for DELETE request to OIDC Dynamic Registration endpoint
  • #719 Allow to update oxDisabled attribute using Dynamic Client Registration endpoint
  • #697 Performance : ~40% of time is blocked by weld synchronization during high load (>800 threads).
  • #694 Support redis failover in standalone
  • #674 UMA: require client requested scopes to be pre-registered
  • #667 Custom interception authorization script for Connect.
  • #663 Cache UMA Permission Ticket
  • #657 Synchronize CAS logout with OpenID Connect logout
  • #640 Provide automatic deployment to build server in order to see real test results
  • #637 Create reusable login template
  • #602 Update client resets grant-types if it has no value
  • #589 Phone number verification message for Twilio
  • #586 UMA 2 : Add Selenium user emulation for Claims-Gathering test pages (country.xhtml and city.xhml)
  • #566 Introspection endpoint: Add support for basic authentication
  • #548 Add s_hash to id_Token
  • #535 Provide customization of front-channel generated html from /end_session
  • #505 Key History
  • #498 Strip querystring from logout redirect URI comparison
  • #485 Support OpenID Connect Claims Languages
  • #480 acr_values router script.
  • #469 Extend Session Endpoint
  • #460 Performance : go over oxauth threads blocks that appears after 140req/s
  • #447 Federation: Publish metadata_statement_uris
  • #446 Federation: add signed_jwks_uri
  • #445 Federation: add signing_keys_uri
  • #437 Implement better HTTP Header Security
  • #413 Increase size of oxAuth-rp text areas
  • #393 Collect performance stats in oxAuth
  • #373 Add support for response-type=None
  • #353 Change client secret to bcrypt
  • #313 Support Proof of Possession Tokens
  • #308 Support JWT Token Revocation
  • #303 OAuth2 Assertion Grant for SAML assertions and signed JWT's
  • #302 Client Registration: Validation user facing values
  • #296 [Feature Request] Please add RADIUS as GLUU custom authentication script
  • #273 RP-Demo configuration improvement
  • #267 IDP Initiated Authentication Script
  • #233 New iFrame implicit flow
  • #223 Add postLogin method for authentication script
  • #218 Implement U2F attestation certificate validation
  • #208 Provide endpoint with list of enabled custom authentication methods
  • #207 User Review of Persistent Client Scope Authorizations
  • #206 OpenID Connect Line Item Scope Approval
  • #195 remove code duplication
  • #141 Add Support for OAuth2 Device Flow
  • #89 Support for Software Statement Protected Client Registration
  • #87 Work with photo attributes
  • #70 Back-Channel Logout
  • #68 Add metric to store CPU/memory usage
  • #9 oxAuth client should support HTTP proxy

oxTrust

  • #1291 Show All attributes show error page
  • #1290 Impossible to add new TR
  • #1289 Impossible to add New user
  • #1220 Improvement : introduce toolbar for `page-wide` buttons.
  • #1219 Improvement : oxTrust automatically switch to another tab on update action.
  • #1147 Users Should Be Able to Add Custom ClientID On Client Creation
  • #1106 OpenID Client Auto-Generated Password Is Not Cryptographically Strong
  • #1096 User sync (cache refresh) in a containerised environment
  • #1088 SMTP Server Configuration Are Not Saved
  • #998 SCIM2 filter code should build filter graph to allow convert it in any filter type
  • #992 Use automate tests to test API instead of manual testing
  • #935 Server Log API
  • #934 Server Status API
  • #933 OxAuth configuration API
  • #932 OxTrust configuration API
  • #931 Registration API
  • #930 Custom Scripts API
  • #929 Certificates API
  • #928 Attributes API
  • #927 Authentication Method API
  • #926 Organization profile API
  • #925 Personal profile API
  • #924 Users API - People
  • #923 Users API - Groups
  • #922 CAS API
  • #921 UMA API
  • #920 OpenID Connect API
  • #919 SAML - Asimba API
  • #918 SAML - TrustRelationship API
  • #885 SCIM interception script: add handler for GET
  • #843 Use decorator for input elements
  • #820 Verify user's memberOf is synced when group members are changed via SCIM
  • #815 Show Modality according to requirement
  • #812 Rename @protected SCIM annotation to @ScimProtectedApi
  • #803 Protect oxTrust apis by UMA
  • #786 Cover oxTrust API by tests
  • #785 Cover all oxTrust GUI by oxTrust API
  • #784 Prepare working prototype which demonstrates oxTrust API
  • #783 Prepare client/server code to protect oxTrust API endpoints using UMA
  • #769 Try to use JSF2 as mail templates
  • #762 Expose API's for everything
  • #758 Couchbase Support
  • #739 Commit with Comment
  • #697 Gluu Server memory usage (3.1.0)
  • #551 Remove ou=appliances
  • #531 Translate resource bundles
  • #467 Support FileBackedHTTPResource for Shibboleth Config Files
  • #389 Create UI to configure IDP Initiated SAML Authentication
  • #388 Support SCIM Password Management Spec
  • #135 Store user pictures in FS
  • #104 New custom script type to pull data from RDBMS and other sources

Gluu Passport

  • #20 Communication between passport and auth script should be protected by token
  • #19 Passport should support dynamic mapping
  • #4 rename repo to oxPassport

Community Edition Setup

  • #462 Support Ubuntu 18.04.1 and deprecate 14.04 support
  • #452 Couchbase should not listen by default on all server IPs
  • #451 Don't prompt to install IDP if admin selected Couchbase as persistence DB
  • #450 Create additional Couchbase backends during install
  • #449 Command to import ldif into Couchbase
  • #448 Improve is couchbase up checking method
  • #431 Authentication scripts' levels need to be updated
  • #426 Merge node and passport script
  • #394 Strange attribute values in admin entry
  • #361 Upgrade: ldap data import too slow
  • #360 In setup script: allow selection of LDAP or Couchbase as the database
  • #351 Add oxMultivaluedAttribute to oxEnrollmentCode attribute
  • #284 Don't index binary tokens
  • #275 Configure firewall on host to open https port after installing CE
  • #254 Generate OP signing keys
  • #241 [Proposal] Staged Setup Process. Fixes #30
  • #219 Add command to generate JWKS
  • #170 Dockerizing Gluu Server
  • #102 Reporting metrics and statistics gathering in CE
  • #11 Add more attributes to admin user entry

oxShibboleth

  • #41 Some SAML flows will fail when several tabs of the same browser window initiate them in a quick succession/simultaneously
  • #35 Create authentication flow to replace RemoteUser flow
  • #30 SAML metadata is not processing properly
  • #25 Don't show stacktrace... ever
  • #24 SLO binding links are breaking IDP metadata
  • #16 /opt/shibboleth-idp/metadata/idp-metadata.xml (No such file or directory)
  • #15 Map AuthnContextClassRef --> acr in OpenID Connect
  • #10 Support ForceAuthn=true
  • #5 Override Logout Functionality

oxCore

  • #87 Merge 3.1.4 into Master
  • #85 Use JSON data types to store in Couchbase entries
  • #84 Move Persistence Factory creation code from oxAuth/oxTrust to oxPersistence
  • #83 Add new CacheProvider to store data in LDAP under ou=session
  • #82 Use one Couchbase environment
  • #81 Move Couchbase statistic to application-persistence.log
  • #80 Ldap persistence mechanism should support encryption methods which LDAP server doesn't support
  • #79 Update oxAuth/oxTrust to use oxLdap/oxCouchbase
  • #78 oxCouchbase should use SSL to connect server
  • #77 oxCouchbase should support LDAP CRYPT and SHA authentication mechanism
  • #74 findEntriesVirtualListView throwing exception if search takes longer than certain threshold
  • #67 Move ou=appliances under o=orgInum
  • #60 Update to Weld 3.0.2.Final in all projects
  • #58 Change org.xdi -> org.gluu
  • #57 Support Couchbase
  • #50 Add Jedis SSL support for redis cache communication
  • #44 Enable style checker maven plugin
  • #41 Implement weld extension to add Faces messages based on method outcome
  • #28 Create generic CacheService (without dependencies to ehcache)
  • #10 Specify Different Write / Read LDAP servers in ldap.properties
  • #9 Specify "failover" | "round robin" connection pool strategy in ldap.properties
  • #8 Map LDAP credentials to backend

SCIM-Client

  • #62 Add support for boolean custom attributes
  • #61 Migrate to com.fasterxml jackson serialization library
  • #60 Service metadata endpoints must reject the presence of filter query param
  • #59 Wrong modeling of SearchRequest and its schema
  • #57 Bugs in filter functionality
  • #56 Refactor Bulk Operation service code
  • #54 Move SCIM-related oxtrust.properties inside the "ScimProperties" object
  • #53 cases 10.2/10.3, Delete a user with If-Match etag
  • #52 cases 7.2/7.3, Retrieve a user with If-None-Match etag
  • #51 cases 5.13/5.14, Update a user with If-Match etag header
  • #49 case 6.3, Add a value to a multi-valued attribute with PATCH
  • #48 case 6.2, Update a multi-valued attribute with PATCH
  • #47 case 6.1, Update a simple attribute with PATCH
  • #45 cases 11.1/11.2, Searching with POST /.search
  • #44 cases 4.4/5.4/5.5/5.6, Handling of immutable attribute
  • #43 Groups endpoint allows writing non-existing members
  • #42 Group assignment for users should be done at /Group not through /Users endpoint
  • #41 Adjust /Schemas endpoint impl to pick attributes characteristics automatically
  • #40 cases 8.11/8.12, Retrieve a list of users with attributes query param (POST)
  • #39 Replace deprecated ProxyFactory usage in client code
  • #38 cases 7.4/7.5, Retrieve a user with attributes query param
  • #37 cases 8.3/8.4, Retrieve a list of users with attributes query param
  • #36 cases 5.8/5.9, Update a user with attributes query param
  • #35 cases 4.5/4.6, Create a user with attributes query param
  • #34 Remove hard-coded list of ISO3166 countries
  • #33 Enhance ResourceTypes endpoint
  • #32 Add a logging framework
  • #31 Remove redundant code in authorization check for SCIM service
  • #30 Service does not handle properly the attributes/excludedAttributes parameters
  • #29 Add support for PATCH verb to service
  • #28 In user retrieval JSON response has the type attribute malformed for certain multi-valued attributes
  • #27 Creating and retrieval operations return unexpected attributes
  • #26 Validate locale attribute
  • #25 Validate timezone attribute

Gluu Server 4.1 Roadmap

ETA: February, 2020

Highlights

  • Support for OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)
  • Mutual TLS between OAuth client and server
  • Features related to the OpenID Connect FAPI profile
  • Support for all UK Open Banking requirements
  • Couchbase optimizations

Gluu Server 4.2 Roadmap

ETA: May, 2020

Highlights

  • More oxTrust auditing and reporting features
  • Updates to conform with latest FIDO2 spec including TLS channel binding, and attestation certificate validation
  • New interception scripts: Front Channel logout, Post-Authn Authorize
  • OpenID Back channel logout

Gluu Server 4.3 Roadmap

ETA: September, 2020

Highlights

  • OpenID Connect Line Item Scope Approval
  • OpenID Connect iFrame implicit flow
  • Add Support for OAuth2 Device Flow

Gluu Server 4.4

ETA: February 2021

Highlights

  • Improvements to live interception script debugging
  • Synchronize CAS logout with OpenID Connect logout
  • Improved telemetry
  • New .well-known endpoint to publish acr configuration