Skip to content


Thanks for your interest in Casa! Follow the instructions below to spin up an instance of Casa to offer end-users self-service 2FA and more for their account(s) in your Gluu Server.

View screenshots in the User Guide.

Installation via Linux Packages#

Starting with version 4.1, Casa is offered as one of the several components of the Gluu Server CE. To include Casa in your instance, just ensure to hit Y when prompted at installation time.

Important notes:

  • Account for 1GB of additional RAM than you use in a standard CE installation. See Gluu Server system requirements

  • It is required your installation was configured to use a FQDN for hostname, not an IP address

  • Apache and oxAuth are required components

  • Casa requires oxd 4.x to operate. Ideally you would use a ready-to-use external oxd server (its location is prompted upon installation); if you don't have such a server, one will be installed for you locally.

Finish setup#

After installation, you can access the application at https://<host>/casa.

For the first time the application will try to register an OpenID Connect client via oxd. If this operation fails due to network problems or SSL cert issues, login will not work. Please refer to the FAQ for troubleshooting.


To change the default URL path for Casa follow the steps listed here. It is advisable to apply this customization before credentials are enrolled.

Unlocking admin features#

Recall admin capabilities are disabled by default. To unlock admin features follow these steps:

  1. Navigate inside chroot to /opt/gluu/jetty/casa/
  2. Create an empty file named .administrable (ie. touch .administrable)
  3. Logout in case you have an open browser session


Once you have configured, tailored, and tested your deployment thoroughly, you are strongly encouraged to remove the marker file. This will prevent problems in case a user can escalate privileges or if some administrative account is compromised.