Gluu Server Community Edition (CE) 3.1.3 Documentation

Introduction

The Gluu Server is a container distribution of free open source software for identity and access management (IAM). SaaS, custom, open source and commercial web and mobile applications can leverage a Gluu Server for user authentication, identity information, and policy enforcement.

Common use cases include:

  • Single sign-on (SSO)
  • Mobile authentication
  • API access management
  • Two-factor authentication (2FA)
  • Customer identity and access management (CIAM)
  • Identity federation

Free Open Source Software

The Gluu Server distribution includes the following free open-source software (FOSS):

  • oxAuth*: OAuth 2.0 Authorization Server (AS), OpenID Connect Provider (OP) and UMA Authorization Server (AS)
  • oxTrust*: Admin GUI
  • Shibboleth IDP: SAML identity provider (IDP)
  • Passport.JS: Authentication middleware to support inbound identity, for instance social login
  • Gluu OpenDJ or OpenLDAP*: Directory server where all Gluu user data, session data, etc. is stored. For clustered deployments, we recommend using Gluu's fork of OpenDJ.
  • Apache2 Web Server*: HTTP services
  • JCE 1.8*: Java cryptography extension
  • oxAuth RP: Simple one-page app that provides sample requests and responses for all OpenID Connect operations

* Required component.

Learn more about the open source licenses in use below.

Open Web Standards

Gluu includes software that implements the following open web standards for authentication, authorization, federated identity, and identity management:

  • OAuth 2.0
  • OpenID Connect
  • User Managed Access 2.0 (UMA)
  • SAML 2.0
  • System for Cross-domain Identity Management (SCIM)
  • FIDO Universal 2nd Factor (U2F)
  • Lightweight Directory Access Protocol (LDAP)

Installation

Gluu publishes Linux packages for Ubuntu, CentOS, RHEL and Debian operating systems. Follow our VM preparation guide to get started.

Directory Service

All data used and generated by the Gluu Server is stored in the local Gluu LDAP deployed during installation. The LDAP includes complete details about OpenID Connect and UMA clients, user objects, and more. Learn more in the user management guide.

If existing identities are stored in Active Directory or a backend LDAP V3 server, data can be synced to Gluu using the Cache Refresh process.

Note

The Gluu Server always needs a copy of identity data stored locally.

Identity Management

Identity and object data such as user profiles, configuration data, tokens and credentials can be managed via the "oxTrust" admin interface or using an LDAP browser, as specified in the user management guide.

The Gluu Server also supports the SCIM protocol in order to standardize communication between identity data stores and make it fast, cheap, and easy to move users into, out of, and around the cloud.

Note

The Gluu Server does not include features for delegated administration, role definition, approvals and workflows, etc. In enterprise workflows, Gluu is a consumer of information from identity management and governance systems.

Single Sign-On (SSO)

The Gluu Server is an identity provider (IDP) in single sign-on (SSO) workflows. Users from web and mobile applications are redirected to Gluu for "sign-on", and are then redirected back to applications with an active session and claims (or attributes) about themselves.

Learn how to configure the Gluu Server's OpenID Connect Provider (OP) and SAML Identity Provider (IDP) in the admin guide.

Learn how to secure and integrate web and mobile apps in the SSO integration guide.

Strong Authentication

A central authentication system like Gluu enables strong authentication to be enforced for many applications in one place. The Gluu Server was designed to support a wide range of authentication mechanisms and custom business logic for how authentication should be applied during the user sign-in process.

Learn how to configure the Gluu Server's out-of-the-box and custom strong authentication options in the authentication guide.

Access Management

The Gluu Server supports the User Managed Access (UMA) 2.0 profile of OAuth 2.0, which provides a RESTful, JSON-based approach to coordinating the protection of APIs and web resources. UMA does not standardize a policy expression language, enabling flexibility in policy expression and evaluation through XACML, other declarative policy languages or procedural code as warranted by conditions.

Learn more about using the Gluu Server for access management in the UMA docs.

Support

Gluu offers free and VIP support! Anyone can browse or register and post questions on the Gluu support portal. Tickets opened by the community are public, and we do our best to answer them in a timely manner.

Private support, guaranteed response times and consultative support are available with a paid support contract. For more information, see our website.

Contribute

We want to keep improving our docs. Please help us by submitting any improvements to our Documentation GitHub. If you're a GitHub pro, submit a pull request. If not, just open an issue on any typos, bugs, or improvements you'd like to see addressed. We need your help... even if you're not a coder, you can contribute!

License

The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Gluu projects are frequently prefixed with our open source handle: ox (e.g. oxAuth, oxTrust). Any code in the Gluu Server that we wrote is released under the MIT License and is available on GitHub. The license for each software component is listed below.

Component              License
---------------------  ------------------------------------
oxAuth                 MIT License
oxTrust                MIT License
Shibboleth IDP         Apache2
OpenDJ                 CDDL
OpenLDAP               OpenLDAP Public License
Passport-JS            MIT License
UnboundID LDAP SDK     UnboundID LDAP SDK Free Use License
Jetty / Apache HTTPD   Apache2
JCE 1.8                Oracle Binary License Agreement
Asimba                 GNU AGPL 3.0