Gluu Server Community Edition (CE) 3.1.1 Documentation#
Introduction#
The Gluu Server is a free open source identity and access management (IAM) platform. With a Gluu Server, you can offer a central authentication and authorization service for many SaaS, custom, open source and commercial web and mobile applications.
The most common use cases for the Gluu Server include:
- Single sign-on (SSO)
- Mobile authentication
- API access management
- Two-factor authentication
- Customer identity and access management (CIAM)
- Identity federation
Open Standards#
The Gluu Server includes software that implements open web standards for authentication, authorization, federated identity, and identity management:
- OAuth 2.0
- SAML 2.0
- OpenID Connect
- User Managed Access 2.0 (UMA)
- System for Cross-domain Identity Management (SCIM)
- FIDO Universal 2nd Factor (U2F)
- Lightweight Directory Access Protocol (LDAP)
Free Open Source Software#
All software included in the Gluu Server distribution is free open source software that can be used in production for free. Learn more about the open source licenses in use below.
Installation#
The Gluu Server can be installed on the cloud provider of your choice using one of our Linux packages for Ubuntu, CentOS, RHEL and Debian. Follow our VM preparation guide to get started.
Directory Service#
All data generated by the Gluu Server is stored in the local Gluu OpenLDAP that is included during installation. In the LDAP you can see full details like how OpenID Connect and UMA clients are stored and how user objects are mapped in the LDAP tree. Learn more in the user management guide
If you have an existing Active Directory or backend LDAP server, you can sync data to your local Gluu OpenLDAP using the Cache Refresh process.
Note
The Gluu Server always needs identity data stored locally. Without a local copy of identity data, the service will not work.
Identity Management#
Via the "oxTrust" admin interface, and using an LDAP browser, you can manage identity and object data such as user profiles, configuration data, tokens and credentials.
The Gluu Server does not do things like delegated administration, role definition, approvals and workflows, etc. In enterprise workflows, the Gluu Server is a consumer of identity management and governance data and policies.
If you have an existing identity management platform, or have written your own identity management tool(s), you can send identity data to the Gluu Server using the SCIM protocol.
Note
If you are looking for an open source IDM and governance platform, we recommend checking out Evolveum Midpoint.
Single Sign-On (SSO)#
The Gluu Server acts as an identity provider (IDP) in single sign-on (SSO) workflows. Users from web and mobile applications are redirected to Gluu for "sign-on", and when successful, are redirected back to applications with an active session and claims (or attributes) about themselves.
Learn how to configure the Gluu Server's OpenID Connect Provider (OP) and SAML Identity Provider (IDP) in the admin guide.
Learn how to secure and integrate web and mobile apps in the SSO integration guide.
Strong Authentication#
A central authentication system empowers you to enforce strong authentication for all your apps in one place. The Gluu Server was designed to be very flexible in accommodating not only a wide range of authentication mechanisms, but also custom business logic for how authentication should be applied during the user sign-in process.
Learn how to configure the Gluu Server's out-of-the-box and custom strong authentication options in the authentication guide.
Access Management#
The Gluu Server supports the User Managed Access (UMA) 2.0 profile of OAuth 2.0, which provides a RESTful, JSON-based approach to coordinating the protection of APIs and web resources. UMA does not standardize a policy expression language, enabling flexibility in policy expression and evaluation through XACML, other declarative policy languages, or procedural code as warranted by conditions.
Learn more about using the Gluu Server for access management in the UMA docs.
Support#
Gluu provies free and VIP support! Anyone can browse or register and post questions on the Gluu support portal. Tickets opened by the community are public, and we do our best to answer them in a timely manner.
Private support, guaranteed response times, and consultative support are available with a paid support contract. For more information, see our website.
Contribute#
These docs are not perfect! Please help us make them so by submitting any improvements to our Documentation Github. If you're a Github pro, submit a pull request. If not, just open an issue on any typos, bugs, or improvements you'd like to see. We need your help... even if you're not a coder, you can contribute!
License#
The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Gluu projects are frequently prefixed with ox (e.g. oxAuth, oxTrust). The license for each software component available in the Gluu Server is listed below.
| Component | License |
|---|---|
| oxAuth | MIT License |
| oxTrust | MIT License |
| Shibboleth IDP | Apache2 |
| OpenLDAP | OpenLDAP Public License |
| Passport-JS | MIT License |
| UnboundID LDAP SDK | UnboundID LDAP SDK Free Use License |
| Jetty / Apache HTTPD | Apache2 |
| Asimba | GNU APGL 3.0 |