Gluu Server 4.5 Documentation
Introduction
The Gluu Server is a container distribution of free open source software (FOSS) for identity and access management (IAM). SaaS, custom, open source and commercial web and mobile applications can leverage a Gluu Server for user authentication, identity information, and policy decisions.
Common use cases include:
- Single sign-on (SSO)
- Mobile authentication
- API access management
- Two-factor authentication (2FA)
- Customer identity and access management (CIAM)
- Identity federation
Free Open Source Software
The Gluu Server is a FOSS platform for IAM. Learn more about software licenses below.
Open Web Standards
The Gluu Server can be deployed to support the following open standards for authentication, authorization, federated identity, and identity management:
- OAuth 2.0
- OpenID Connect
- User Managed Access 2.0 (UMA)
- SAML 2.0
- System for Cross-domain Identity Management (SCIM)
- FIDO Universal 2nd Factor (U2F)
- FIDO 2.0 / WebAuthn
- Lightweight Directory Access Protocol (LDAP)
- Remote Authentication Dial-In User Service (RADIUS)
Installation
Linux packages are available for Ubuntu, CentOS, RHEL and Debian operating systems, as well as Docker and Kubernetes containers. Follow our VM preparation guide to get started.
Directory Service
All data used and generated by the Gluu Server, such as details about OAuth clients, user objects, and more, is stored in the local Gluu LDAP deployed during installation. Gluu ships with a fork of OpenDJ as the default LDAP platform. Other LDAP platforms can be supported as well. Learn more in the user management guide.
If existing identities are stored in Active Directory or a backend LDAP V3 server, data can be synced to Gluu using the Cache Refresh process.
Note
The Gluu Server always needs a copy of identity data stored locally.
Identity Management
Identity and object data such as user profiles, configuration data, tokens and credentials can be managed via the "oxTrust" admin interface or using an LDAP browser, as specified in the user management guide.
The Gluu Server also supports the SCIM protocol which can be used to push data to the Gluu Server from external identity data sources like identity management systems and cloud applications.
Note
The Gluu Server does not include features for delegated administration, role definition, approvals and workflows, etc. In enterprise workflows, Gluu is a consumer of information from identity management and governance systems.
Single Sign-On (SSO)
The Gluu Server is an identity provider (IDP) in single sign-on (SSO) workflows. Users from web and mobile applications are redirected to Gluu for "sign-on", and are then redirected back to applications with an active session and claims (or attributes) about themselves.
Learn how to configure the Gluu Server's OpenID Connect Provider (OP) and SAML Identity Provider (IDP) in the admin guide.
Learn how to secure and integrate web and mobile apps in the SSO integration guide.
Strong Authentication
A central authentication system like Gluu enables strong authentication to be enforced for many applications in one place. The Gluu Server was designed to support a wide range of authentication mechanisms and custom business logic for how authentication should be applied during the user sign-in process.
Learn how to configure the Gluu Server's out-of-the-box and custom strong authentication options in the authentication guide.
Access Management
The Gluu Server supports the User Managed Access (UMA) 2.0 profile of OAuth 2.0, which provides a RESTful, JSON-based approach to coordinating the protection of APIs and web resources. UMA does not standardize a policy expression language, enabling flexibility in policy expression and evaluation through XACML, other declarative policy languages or procedural code as warranted by conditions.
Learn more about using the Gluu Server for access management in the UMA docs.
Support
Gluu offers free and VIP support! Anyone can browse or register and post questions on the Gluu support portal. Tickets opened by the community are public, and we do our best to answer them in a timely manner.
Private support, guaranteed response times and consultative support are available with a paid support contract. For more information, see our website.
Contribute
We want to keep improving our docs. Please help us improve by submitting any improvements to our Documentation GitHub. If you're a GitHub pro, submit a pull request. If not, just open an issue on any typos, bugs, or improvements you'd like to see addressed. We need your help... even if you're not a coder, you can contribute!
License
The Gluu Server is a container distribution of software written by Gluu and incorporated from other open source projects. Gluu projects are frequently prefixed with our open source handle: ox (e.g. oxAuth, oxTrust).
The license for each software component included in the container is listed below.
Component | License |
---|---|
oxAuth | Apache2 |
oxTrust | Apache2 |
Shibboleth IDP | Apache2 |
OpenDJ | CDDL |
Passport-JS | Apache2 |
TinyRADIUS | LGPL v2.1 |
UnboundID LDAP SDK | UnboundID LDAP SDK Free Use License |
Jetty / Apache HTTPD | Apache2 |
Amazon Corretto | GNU v2 with the Classpath Exception |