Gluu Gateway 3.1.3


Gluu Gateway is an API Gateway that leverages the open source Gluu Server for central client management and access control, and inherits core gateway functionality from the open source Kong API Gateway.


Gluu Gateway adds the following functionality to the Kong API Gateway:

  • Leverage Gluu's OAuth 2.0 authorization server for central client authentication.
  • Control access to APIs using OAuth and UMA scopes.
  • GUI to manage Kong API, Consumer and Plugin objects.
  • API Dashboard to configure and monitor the health of your servers.
  • Backup, restore and migrate Kong instances using snapshots.

Access Control

Gluu Gateway enables API access management via OAuth scopes, UMA scopes or both ("mix mode").

OAuth Mode

In OAuth Mode, an OAuth token is generated using Consumer credentials (oxd_id, client_id and client_secret). A call carrying the access token is then made to Kong, which proxies the Upstream API. You can read more about Consumer credentials in the Consumer section.

UMA Mode

In UMA Mode, an RPT token is generated by sending UMA Plugin credentials to Gluu Gateway. After checking the access and obtaining a ticket, you can generate an access token, which is used to make an API request. You can read more about UMA in Gluu OAuth 2.0 UMA RS plugin.

Mix Mode

In Mix Mode, an OAuth token is generated using Consumer credentials (oxd_id, client_id and client_secret). Optionally, the client can also send pushed claims with the UMA_PUSHED_CLAIMS header. You can then make an API call using the access token. Gluu Gateway proxies the Upstream API, automatically executing the UMA flow without any user input.


Gluu Gateway makes use of the following software components:

  • Kong v0.11.x: An open source API Gateway and Microservices Management Layer, delivering high performance and reliability.

  • Gluu Konga Admin GUI: A web administration portal, based on Konga GUI, to manage your Gluu Gateway.

  • Gluu Gateway plugins: Use Gluu Server for central client management and to control access to upstream APIs using OAuth 2.0 and UMA 2.0.

  • oxd-Server v3.1.3.1: An OpenID Connect and UMA middleware service used to enable client credential management and cryptographic validation against an OAuth 2.0 Authorization Server, like the Gluu Server.

  • Others: The following runtime environment is required by the Gluu Gateway package:

    • OpenJDK v8
    • Python v2.x
    • Postgres v10
    • Node v8.9.4
    • NPM v5.6.0

Get Started

Use the following links to get started:

  1. Installation
  2. Configuration
  3. Admin GUI
  4. Plugins
    1. Admin GUI
    2. Admin API
  5. FAQ

Business Model

Gluu Gateway uses free open source software components to achieve its API gateway functionality. To obtain client credentials and leverage access management policies from the central authorization server (i.e. the Gluu Server), Gluu Gateway uses commercial OAuth 2.0 client software called oxd.

  • oxd offers a freemium pricing model based on the number of active OAuth2 clients it creates in an authorization server.

  • oxd creates two clients in the authorization server for each API secured by Gluu Gateway.

  • The first 10 clients created by oxd each month are free. Additional clients active for longer than 5 consecutive days are billed $10 per month.

  • Learn more about oxd's freemium pricing model in the docs.


Gluu Gateway leverages software written by Gluu and incorporated from other projects. The license for each software component is listed below.

| Component            | License     |
|----------------------|-------------|
| Kong API Gateway     | Apache2     |
| Konga GUI            | MIT License |
| Gluu Gateway plugins | MIT License |
| oxd-Server           | OXD License |