Gluu Server Community Edition (CE) 3.1.4 Documentation#
The Gluu Server is a container distribution of free open source software (FOSS) for identity and access management (IAM). SaaS, custom, open source and commercial web and mobile applications can leverage a Gluu Server for user authentication, identity information, and policy management.
Common use cases include:
- Single sign-on (SSO)
- Mobile authentication
- API access management
- Two-factor authentication (2FA)
- Customer identity and access management (CIAM)
- Identity federation
Free Open Source Software#
The Gluu Server is a FOSS platform for IAM. Learn more about software licenses below.
Open Web Standards#
Gluu supports open web standards for authentication, authorization, federated identity, and identity management, including:
- OAuth 2.0
- OpenID Connect
- User Managed Access 2.0 (UMA)
- SAML 2.0
- System for Cross-domain Identity Management (SCIM)
- FIDO U2F & UAF
- Lightweight Directory Access Protocol (LDAP)
All data used and generated by the Gluu Server, such as details about OAuth clients, user objects, and more, is stored in the local Gluu LDAP deployed during installation. Gluu ships with a fork of OpenDJ as the default LDAP platform. Other LDAP platforms can be supported as well. Learn more in the user management guide
If existing identities are stored in Active Directory or a backend LDAP V3 server, data can be synced to Gluu using the Cache Refresh process.
The Gluu Server always needs a copy of identity data stored locally.
Identity and object data such as user profiles, configuration data, tokens and credentials can be managed via the "oxTrust" admin interface or using an LDAP browser, as specified in the user management guide.
The Gluu Server also supports the SCIM protocol, which can be used to push data to the Gluu Server from external identity data sources.
The Gluu Server does not include features for delegated administration, role definition, approvals and workflows, etc. In enterprise workflows, Gluu is a consumer of information from identity management and governance systems.
Single Sign-On (SSO)#
The Gluu Server is an identity provider (IDP) in single sign-on (SSO) workflows. Users from web and mobile applications are redirected to Gluu for "sign-on", and are then redirected back to applications with an active session and claims (or attributes) about themselves.
Learn how to secure and integrate web and mobile apps in the SSO integration guide.
A central authentication system like Gluu enables strong authentication to be enforced for many applications in one place. The Gluu Server was designed to support a wide range of authentication mechanisms and custom business logic for how authentication should be applied during the user sign-in process.
Learn how to configure the Gluu Server's out-of-the-box and custom strong authentication options in the authentication guide.
The Gluu Server supports the User Managed Access (UMA) 2.0 profile of OAuth 2.0, which provides a RESTful, JSON-based approach to coordinating the protection of APIs and web resources. UMA does not standardize a policy expression language, enabling flexibility in policy expression and evaluation through XACML, other declarative policy languages or procedural code as warranted by conditions.
Learn more about using the Gluu Server for access management in the UMA docs.
Gluu offers free and VIP support! Anyone can browse or register and post questions on the Gluu support portal. Tickets opened by the community are public, and we do our best to answer them in a timely manner.
Private support, guaranteed response times and consultative support are available with a paid support contract. For more information, see our website.
We want to keep improving our docs. Please help us improve by submitting any improvements to our Documentation Github. If you're a Github pro, submit a pull request. If not, just open an issue on any typos, bugs, or improvements you'd like to see addressed. We need your help... even if you're not a coder, you can contribute!
The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Gluu projects are frequently prefixed with our open source handle: ox (e.g. oxAuth, oxTrust). Any code in the Gluu Server that we wrote is MIT license, and is available on Github. The license for each software component is listed below.
|UnboundID LDAP SDK||UnboundID LDAP SDK Free Use License|
|Jetty / Apache HTTPD||Apache2|
|JCE 1.8||Oracle Binary License Agreement|
|OpenLDAP||OpenLDAP Public License|
|Asimba||GNU APGL 3.0|