IAM Open Source

Helping nations build trusted digital identity Citizens want to use the Internet to connect to their government for a myriad of reasons. Wouldn't it be great if you could use…

"Building Identity Journeys with Low Code" with Mike Schwartz at APAC Digital Identity Unconference 2023 Modern authentication has evolved significantly. In the past, a single web page, typically a username/password…

Gluu 4.4.2 Release Notes  GluuFederation/oxcore  refactor: class smtp_connect_protection_type has been updated (according to sonar requirements); feat: encrypting keystore password has been added; feat: improvement of sending emails has been added;…

Whispeak and Gluu Launch New Strategic Partnership Whispeak voice authentication integrated with Gluu 4. X server distribution to simplify the adoption of secure voice recognition biometric authentication.  Lille, France —…

3 Ways Banks Secure their Open Banking APIs with Gluu Open Banking initiatives enable third parties to process financial transactions for consumers, creating new competitive offerings. Open banking is not…

Gluu 4 supports Apple platform FIDO 2 / WebAuthn authenticators like TouchID The first laptop to build in FIDO was the Google Pixelbook (RIP). It was a little geeky--you enabled…

Strong Protection in the Era of Rising Threats Today's cyberspace and IT systems have transformed from a uniformed homogeneous structure brought on by a fixed workspace and data center system…

Provision Users for AWS Access with Gluu This article will guide you through how to use SCIM to provision users on a Gluu 4 instance and configure Single-Sign-On (SSO) with…

3 Steps to configure the Gluu Server as a SAML IDP for SSOC This article will guide you through the process of a Service Provider (SP) initiated SAML flow for…

Integrating Gluu Server with tru.ID It's a modern axiom that passwords are bad. But there are still many deployment challenges for organizations to rollout two-factor authentication, such as requiring end…

Gluu Advisory: Okta Twilio Cyberattack Gluu would like to provide this bulletin to advise our community about the recent attacks on Twilio the suggested OTP SMS service configured through oxAuth…

Enable FIPS mode via RHEL 8 with the DISA STIG security profile A Secure Technical Implementation Guide ("STIG") is a document published by the Department of Defense Cyber Exchange (DoD), which…

Gluu 4.4.1 Release Notes Updates for stability, the introduction of an allowlist and blocklist for redirect_uris (which enhances security if this optional parameter is used) and more secure email handling…

Gluu Server in the Cloud with Casa Love the freedom of open source digital identity, but don't want the deployment hassle? Gluu Solo might be for you. With Gluu Solo, you…

Is SSI needed for Web3? The illustration below, trying to explain Web 3 identity, is from an article published on Medium about efforts to develop a new European digital wallet.…

Decentralized ID Part 3: Credential and DID Methods In part one of this blog series, we outlined some of the trust challenges facing the implementation of decentralized identity. In part…

Decentralized Identity, Part 2: Walletopia If you missed Part 1, you can check it out here. In Part 2, we’re going to talk about wallets--a software category that is the…

Decentralized Identity: Part One -- Trust Last month, Nick Kramer and I moderated a discussion on Decentralized Identity at the WAGMAS Web3 Summit.  To prepare for this discussion, we interviewed…

Multi-Master Multi-Cluster LDAP (OpenDJ) replication in Kubernetes? A controversial view OverviewOpenDJ is a Lightweight Directory Access Protocol (LDAP) compliant distributed directory written in Java. Many organizations use it as a…

How to Use Gluu 4.X in Teleport Use Gluu 4.x IAM as a single source of truth for controlling user access to infrastructure such as databases, vm's and Kubernetes clusters…

Components of Gluu The goal of Gluu is to be the best open-source IAM platform and to have the lowest total cost of operation (TCO). This has been done by…

Scaling your CIAM with Managed RDBMS for Resiliency An important cloud native design principle is “Resiliency”.  A resilient system embraces failure instead of trying to prevent it.  A resilient database…

Hosted vs Self-hosted Identity and Access Management Solution Which one is right for your organization? Is your organization ready to develop and operate a consumer / client identity and access…

Moving Open Banking towards Open Source in Brazil Gluu announces that its Open Banking Distribution, based on the Linux Foundation Janssen project, meets all certification criteria for FAPI OpenID for…

Which is the right MFA solution? We can all agree that if you want to protect your organization’s data, you will need to enforce multi-factor authentication (MFA) for your users.…

Self-Service Account Security with Gluu Casa To improve the usability of two-factor authentication (2FA), organizations need to offer people self-service tools.  That’s why we’ve introduced Casa.As people interact with an organization’s digital…

How to Secure API’s according to Gluu API’s are ubiquitous, so you’d think how to secure them is an established practice--except it’s not. The goal of this blog is to…

Gluu 2022 Open Source Strategy Since we started Gluu in 2009, the mission has not changed: to build a business that supports the development of an open source identity and…

Patching the log4J libraries in Gluu software Gluu’s products are primarily Java based software. Not surprisingly, we use log4J. Like most software vendors, we have been responding and updating our…

Will the 3PCD Apocalypse Break the Web? Browsers to Block 3rd party cookies one day in 2023. Don’t worry ico-man! But you may want to duck and cover… NOW! What…

Gluu 4.3 is the Best Release Ever! In a lot of ways, not that much is new--the goal of Gluu Server 4.x is stability. But, we did add a few…

OpenID enables Stytch passwordless authentication with Gluu Casa Stytch is a developer-friendly authentication SaaS that makes it easy to use passwordless technologies to protect your applications.  At Gluu, we test…

Gluu and AArete announce partnership to offer hosted digital identity on any cloud. Austin, Texas, September 9, 2021 - Gluu, a leading digital identity software vendor, and AArete (“uh-reet”), a…

Detecting "Impossible Travel" with your Gluu Server and Deduce How can a user login from London, and one hour later, login from Sydney? Not even Virgin Galactic can get you…

How to Use Device and Location for 2FA Leverage contextual information to implement intelligent authentication workflows in the Gluu Server. Two-factor authentication (2FA) is proven to increase account security, but…

RIP “Cloud LDAP”: Moving digital identity persistence to a Cloud Native Database All digital identity platforms need some kind of database. Traditionally, that database was a Berkeley DB key/value store,…

Server-side Facial Authentication BioID is a server side biometric platform that uses face, voice and eye modalities and liveness detection. Organisations can self-host or use BioID’s hosted API as a service.…

Quickly Build PSD2 Compliance Gluu Server is certified to conform with the Financial Grade OpenID Provider(FAPI) profile. Called “FAPI” for short, this profile provides detailed requirements for the security features needed to…

Netbr announces ready-to-deploy technology platform for Open Banking Sao Paulo based Identity specialist Netbr announces readiness to meet BCB deadlines. With Phase 2, Phase 3 and Phase 4 of the…

Apply Security to Clinical Trials and Reduce User Verification Friction. Pharmaceutical companies have been leveraging cloud services for many years. This is especially true for clinical trials which use many…