The Gluu Server uses this component to enable social login. With over 300 existing integrations, Passport provides a crowd-sourced approach to offering users social login at popular consumer IDPs. Passport not only normalizes authentication, it also provides a standard mechanism to map user claims.

Gluu Passport is built upon the popular authentication middleware Passport.js, which supports plugins (AKA “Strategies”) that make it easy to integrate identity providers. There are hundreds of strategies available in the Node.js package registry, npm. Any OAuth strategy can be supported.

Authentication Flow

After users authenticate at the external social identity provider, control flows back to the Janssen Authentication server, where the user is verified and the user-id is provisioned into the Janssen server.

Role of Passport-JS project and Janssen’s Authentication server

  1. The passport-js project encrypts and signs user data before passing it to the Janssen server.
  2. The Janssen Auth server verifies the received JWT, decrypts the data, adds or updates the user in LDAP, and marks the user as authenticated. Check the script code for details.
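
The hand-off in the two steps above, sketched as an added example (not Gluu's or Janssen's own code). The RS256 signature, the shared AES-256-GCM key, the `data` claim layout, the function names and the in-memory Map standing in for LDAP are all assumptions made for illustration.

```javascript
// Added illustration: algorithms, claim layout and names are assumptions, not Gluu/Janssen code.
const crypto = require('node:crypto');
const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Passport side: encrypt the profile (AES-256-GCM), then sign a JWT (RS256) that carries it.
function packProfile(profile, signKey, encKey, ttlSec = 60) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', encKey, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(profile)), c.final()]);
  const claims = { exp: Math.floor(Date.now() / 1000) + ttlSec,
                   data: [iv, ct, c.getAuthTag()].map(b64u).join('.') };
  const input = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + b64u(crypto.sign('sha256', Buffer.from(input), signKey));
}

// Auth-server side: pin the algorithm, verify the signature, check expiry, only then decrypt.
function unpackProfile(jwt, verifyKey, encKey) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // never trust the token's own alg
  if (!crypto.verify('sha256', Buffer.from(h + '.' + p), verifyKey, Buffer.from(s, 'base64url')))
    throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('expired');
  const [iv, ct, tag] = claims.data.split('.').map((x) => Buffer.from(x, 'base64url'));
  const d = crypto.createDecipheriv('aes-256-gcm', encKey, iv);
  d.setAuthTag(tag); // final() throws if the ciphertext or tag was altered
  return JSON.parse(Buffer.concat([d.update(ct), d.final()]).toString());
}

// Add or update the user keyed by provider + external id (a Map stands in for LDAP here).
function provision(store, profile) {
  const key = `${profile.provider}:${profile.uid}`;
  const created = !store.has(key);
  store.set(key, { ...store.get(key), ...profile });
  return created ? 'added' : 'updated';
}

// Constructed sample run: throwaway keys and a made-up profile.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoEncKey = crypto.randomBytes(32);
const demoToken = packProfile({ provider: 'github', uid: '12345' }, demoKeys.privateKey, demoEncKey);
console.log(provision(new Map(), unpackProfile(demoToken, demoKeys.publicKey, demoEncKey)));
```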

Out of the box, the following external identity providers can be integrated:

  • SAML IDPs
  • OpenID Connect OPs (with standard communication or via Gluu’s mediator old server)
  • OAuth (v1.0 or v2.0) Authorization Servers

Typical usage of OAuth inbound identity is for supporting social login, i.e., letting your users log in to your application with their existing accounts at popular sites like Facebook, Twitter, GitHub, etc.
