What's new in Gluu Server v3#
Gluu Server 3.1.x#
Gluu Sever 3.1.x offers improved performance and functionality.
OpenID Connect Provider Re-certification#
Gluu Server 3.1.x is certified for all five OpenID Connect Provider flows: Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP.
Gluu 3.1.x is the first commercially supported IAM server to implement the UMA 2.0 specification. UMA now aligns completely with OAuth 2.0. It also re-defines the claims gathering flow, enabling developers to implement multi-step consent, user-interactions, and stepped-up authentication flows.
Super Gluu out-of-the-box#
The Gluu Server 3.1.x supports push notifications for our free and secure two-factor authentication (2FA) mobile app, Super Gluu, out-of-the-box. Simply follow the docs to enable Super Gluu authentication.
2FA Credential Management#
Gluu Server 3.1.x includes support for a new open source web application called Credential Manager. Credential Manager is a user facing app that enables people to register and delete ("self-service") 2FA credentials, including U2F secrurity keys, Super Gluu devices, OTP app (like Google Authenticator), SMS phone numbers, and even change their password (if passwords are stored in the local Gluu LDAP).
To improve performance, the Gluu Server now caches short-lived objects, like the code in the authorization code flow. This reduces the number of writes to the LDAP database, increasing the performance of your underlying directory services.
From Seam to Weld#
The Jboss Seam J2EE framework was EOL. We updated to the Weld framework, which resulted in some of the URL's changing (now shorter and more clear). Clients that use the discovery endpoint (i.e.
https://<hostname>/.well-known/openid-configuration) should be ok. But watch out for any clients that may have hard coded endpoints.
The Gluu Server 3.1.x includes language packs. To learn more, or to contribute translations back to the project, check the localization docs.
Gluu Server 3.x#
Gluu Sever 3.x is more modern, faster, and easier to manage.
Jetty replaces Tomcat as servlet container#
Here are some of the reasons we made this change:
- Memory management: easier to allocate memory per app.
- Restart: Easier to restart individual components without affecting others. For example, Asimba requires more restarts when certain configuration is updated.
wrapper.logwas getting too busy. It's better to have the top-level log smaller. See logs management for more informatoin.
- Network: oxAuth is Internet facing; oxTrust is an admin application which may be internal facing only.
- Docker: Deploying each application in it's own servlet container aligns with our strategy to deploy each application in its own container.
OpenLDAP replaces OpenDJ#
The Gluu Server uses LDAP for persistence. The Gluu Server will continue to support several LDAP servers (including OpenDJ), but will now ship with OpenLDAP. Below are a few reasons.
- OpenLDAP has a better license, and Symas (the company behind OpenLDAP), has a clear commitment to free open source software.
- OpenLDAP's LMDB backend is super fast and crash-resistant.
- Tired of fighting with Java garbage collection.
- Affordable support options from Symas.
- Proxy Capabilities: using OpenLDAP Gold, which is a commercial distribution from Symas, data can be organized into different replicated topologies, and the proxy can be used to route operations. This strategy can increase the write performance of the LDAP service.
Shibboleth IDP version 3#
- Re-architected to use Spring
- Version 2.0 was end of life
- For more information, see the Release Notes
- Passport.js makes it easy to offer your users social login at more than 300 websites and consumer IDPs. See the Passport docs for more information.
- One-Time Password (OTP) authentication: You asked for it! Now it's easy to authenticate users with any standard HOTP or TOTP OATH software, like Google Authenticator. Read the docs.
- Centralized logging--useful for clustered deployments.
- Improved audit logging capabilities for OAuth 2.0
- External Logging is made easy using FluentD 3.5
- Migrated Weld 3.0.0