Gluu Casa 3.1.6 Documentation#
Gluu Casa ("Casa") is a self-service web portal for end-users to manage security preferences for their account in a Gluu Server.
For example, as people interact with an organization's digital services, they may need to:
- Add and remove two-factor authentication (2FA) credentials
- Turn 2FA on and off
- View which external apps have access to their personal data
- Manage trusted devices
Casa provides a platform for people to perform these account security functions and more.
The core use case for Casa is self-service 2FA. If people need to call the helpdesk every time they get a new phone or security key, supporting strong authentication becomes prohibitively expensive.
Out-of-the-box, Casa can be used to enroll and manage the following authenticators:
- U2F security keys like Yubikeys
- Gluu's push-notification mobile app, Super Gluu
- OTP hardware cards like these or dongles like these
- OTP mobile apps like Google Authenticator, Authy, Duo, etc.
- Mobile phone numbers able to receive OTPs via SMS
- Passwords (if stored locally in Gluu, i.e. not a backend LDAP like AD)
2FA enrollment APIs#
To facilitate 2FA enrollment during account registration or elsewhere in an application ecosystem, Casa exposes APIs for enrolling the following types of authenticators:
- Phone numbers for SMS OTP
- OTP apps, cards or dongles
- Super Gluu Android and iOS devices
Learn more in the developer guide.
Casa is a plugin-oriented, Java web application. Existing functionality can be extended and new functionality and APIs can be introduced through plugins.
Gluu has written multiple plugins to extend Casa to solve use-cases such as:
To extend Casa to meet your own custom requirements, learn more about writing plugins in the developer guide.
Use the following links to get started with Casa:
Gluu Casa is made available under Apache License 2.0.