oxTrust is a single-point of administration for all components of Gluu 4.x servers. It includes an identity synchronization engine for external LDAP user stores. In addition to a web interface, oxTrust also provides an API to enable the automation of many tasks.
Gluu Server 4.x offers REST APIs for the oxTrust Admin GUI. With the REST API, server configurations can be automated, new GUIs can be built to expose specific admin functionality, and other integrations can be created for the Gluu admin portal.
The Passport authentication middleware enables inbound identity for SAML, OAuth, and OpenID Connect (all of which can be referred to as “inbound identity”). Passport normalizes the process of supporting user authentication at external identity providers and user registration in your Gluu Server.
The Gluu Server is shipped with a user registration script that implements a very basic user registration process.
oxTrust allows users to perform self-registration. In order to control/validate user registrations there is the user registration script type.
LDAP Synchronization, a.k.a. Cache Refresh, is the process of connecting one or more existing backend LDAP servers, like Microsoft Active Directory, with the Gluu Server’s local LDAP server. Synching people and attributes from a backend server speeds up authentication transactions. It is possible to perform attribute transformations, changing the name of attributes, or even using an interception script to change the values.
The Gluu Server acts as a SAML identity provider (IDP) to support outbound SAML single sign-on (SSO).
In oxTrust use NameID or Name Identifier is used to identity the “subject” of a SAML assertion.
Interception Scripts
Interception scripts can be used to implement custom business logic for authentication, authorization and more in a way that is upgrade-proof and doesn’t require forking the Gluu Server code. Each type of script is described by a Java interface — i.e. which methods are required.
oxTrust enables administrators to manage what information about people is being exposed to partner websites. oxTrust is also the local management interface that handles other server instance specific configurations, and provides a mechanism for IT administrators to support people at the organization who are having trouble accessing a website or network resource.
The Gluu Server administration interface is accessible by navigating to a fully qualified domain name provided during setup.
After successful authentication, the administrator is taken to the Dashboard. Some basic information about the VM/server is displayed, as well as the server version, free memory, and disk space. A metrics graph is shown to report some quick statistics about user authentications handled by the service. In the top right, there is a user icon which can be used to log out of oxTrust. The left-hand menu is used to navigate the admin interface.
oxTrust is a single-point of administration for all components of Gluu 4.x servers. It includes an identity synchronization engine for external LDAP user stores. In addition to a web interface, oxTrust also provides an API to enable the automation of many tasks.
Gluu Server 4.x offers REST APIs for the oxTrust Admin GUI. With the REST API, server configurations can be automated, new GUIs can be built to expose specific admin functionality, and other integrations can be created for the Gluu admin portal.
Admin REST APIs
Gluu Server 4.X offers REST APIs for the oxTrust Admin GUI. With the REST API, server configurations can be automated, new GUIs can be built to expose specific admin functionality, and other integrations can be created for the Gluu admin portal.
• api-client
• api-model
• api-rest
• api-server
API for user, group and FIDO device management
Another core component, this server provides the enrollment and authentication endpoints which enable people to use USB, bluetooth or platform FIDO credentials.
The heart of the Janssen Project, this is the server that provides the OpenID Connect and OAuth endpoints.
The configuration API is required to configure Jans Auth Server
Self-service web portal for end-users to manage devices and other multi-factor authentication.
Interface to simplify the management and configuration of Jans Auth Server
The Command Line Interface provides an interactive menu-driven mode for admins who don’t want to struggle with lengthy curl commands.
API for user, group and FIDO device management
Open Provider / OAuth Authorization Server
oxTrust is a single-point of administration for all components of Gluu 4.x servers.
Another core component, this server provides the enrollment and authentication endpoints which enable people to use USB, bluetooth or platform FIDO credentials.
Enables social login.
SAML IDP
Self-service web portal for end-users to manage devices and other multi-factor authentication.
OAuth / OpenID client middleware service