edit

Gluu Server Community Edition (CE) 3.0.2 Documentation#

Introduction#

The Gluu Server is a free open source identity and access management (IAM) platform. The most common use case for the Gluu Server is Single Sign-On (SSO). Other common use cases include mobile authentication, API access management, two-factor authentication, customer identity and access management (CIAM) and identity federation.

The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Gluu projects are frequently prefixed with our open source handle: ox (e.g. oxAuth, oxTrust). Any code in the Gluu Server that we wrote is MIT license, and is available on Github.

SaaS, custom, open source and commercial software can be made more secure by leveraging a central authentication and authorization service. Because there are so many different kinds of apps, there is no way to "top down" implement proprietary security mechanisms. This is why open standards are so important for IAM.

While there are many open protocols for IAM, Gluu focuses on just a few. Consolidation saves money, and one-off integrations should be avoided. Our goal was to support the most widely adopted older protocols, and the most promising new protocols.

The Gluu Server supports the following open web standards for authentication, authorization, federated identity, and identity management:

  • OAuth 2.0
  • SAML 2.0
  • OpenID Connect
  • User Managed Access (UMA)
  • System for Cross-domain Identity Management (SCIM)
  • FIDO Universal 2nd Factor (U2F)
  • Lightweight Directory Access Protocol (LDAP)

If this is your first exposure to the Gluu Server, welcome to the community! We want to see the ecosystem flourish, and ultimately make the Internet a safer, more privacy protected place. In order to do that, we believe we need to keep the Gluu Server free so all kinds of organizations can use, contribute and benefit from the software.

These docs are not perfect! Please help us make them so by submitting any improvements to our Documentation Github. If you're a Github pro, submit a pull request. If not, just open an issue on any typos, bugs, or improvements you'd lie to see. We need your help... even if you're not a coder, you can contribute!

Persistence#

The Gluu Server uses the open source OpenLDAP server as its internal directory server to store data generated by the service, such as user profiles, configuration data, tokens and credentials.

oxd Client Software#

You can use any existing or custom written SAML or OpenID Connect client software to secure web applications with the Gluu Server and achieve single sign-on (SSO). However, you may want to consider using our commercial OpenID Connect client software, oxd, for the following reasons:

  1. oxd is super-easy to use;
  2. We keep updating oxd to address the latest OAuth 2.0 security knowledge;
  3. We can provide more complete end-to-end support if we know both the client and server software;
  4. In addition to a simple JSON/REST API, there are oxd libraries for Php, Python, Java, Node, Ruby, C#, Perl and Go;
  5. There are oxd plugins for many popular applications like: Wordpress, Drupal, Magento, OpenCart, SugarCRM, SuiteCRM, Roundcube, Shopify, and Kong. More are being added too. Next on the list are: MatterMost, RocketChat, NextCloud, and Liferay.

Read the docs

Super Gluu Authentication App#

Super Gluu is a free authentication mobile app for iOS and Android. Super Gluu can be used to achieve multi-factor authentication to applications that use your free open source Gluu Server for login. Learn more in the Super Gluu docs.

Support#

Gluu provies free and VIP support! Anyone can browse or register and post questions on the Gluu support portal. Tickets opened by the community are public, and we do our best to answer them in a timely manner.

Private support, guaranteed response times, and consultative support are available with a paid support contract. For more information, see our website.

License#

All of Gluu's open source software is published under an MIT License. The licenses for other components are listed below.

Component License
Shibboleth IDP Apache2
OpenLDAP OpenLDAP Public License
Asimba GNU APGL 3.0
UnboundID LDAP SDK UnboundID LDAP SDK Free Use License
Passport-JS MIT License
Jetty / Apache HTTPD Apache2