Gluu Casa Self-Service Web Portal for Authentication
Easily Manage User Authentication Credentials
Consumer identity providers like Google enable end-users to view, add and remove strong credentials via a web page.
Gluu Casa lets your organization do the same by providing a single point of management for end-users to view, enroll and remove MFA credentials including hardware tokens, software tokens, commercial services (like Duo), social login, biometrics and mobile.
Because users can register multiple strong credentials with Casa, losing one is not a problem: they can log in, remove the lost credential and register a replacement.
Casa is brandable too, and you can write your own custom plugins to support new multi-factor credentials or other requirements.
Casa Overview
Gluu Casa (“Casa”) is a self-service web portal for end-users to manage authentication credentials, social login accounts, and other authorization preferences for their account in a Gluu Server.
For example, as people interact with an organization’s digital services, they may need to:
- Enroll, delete or edit two-factor authentication (2FA) credentials for their account (e.g. FIDO security keys, mobile apps, phone numbers, etc.)
- Turn 2FA on and off
- View and manage which external apps have been authorized to access personal data
- View trusted devices
Casa provides a platform for people to perform these account security functions and more.
Two-Factor Authentication
The core use case for Casa is self-service 2FA. If people need to call the helpdesk every time they get a new phone or security key, supporting strong authentication becomes prohibitively expensive.
Out-of-the-box, Casa can be used to enroll and manage the following authenticators:
- FIDO2/U2F security keys like YubiKeys
- Gluu's U2F push-notification mobile app, Super Gluu
- OTP hardware cards or dongles
- OTP mobile apps like Google Authenticator, FreeOTP, etc.
- Mobile phone numbers able to receive OTPs via SMS
- Passwords (if stored in the corresponding Gluu Server’s local database, i.e. not a backend LDAP like AD)
Additional authenticators and use cases can be supported via custom plugins.
2FA enrollment APIs
To facilitate 2FA device enrollment during account registration, or elsewhere in an application ecosystem, Casa exposes APIs for enrolling the following types of authenticators:
- Phone numbers for SMS OTP
- OTP apps, cards or dongles
- Super Gluu Android and iOS devices
- FIDO2 security keys
Learn more in the developer guide.
Configuration via APIs
In addition to a comprehensive graphical admin console, application settings can also be changed through the configuration API.
Plugin Oriented
Casa is a plugin-oriented Java web application. Existing functionality can be extended, and new functionality and APIs can be introduced, through plugins.
Learn more in the developer guide.
Existing Plugins
Gluu has written a number of plugins to extend Casa, including plugins for:
