Skip to content

What's new in Gluu Server v4#

Version 4.1#

OIDC client creation improvements#

In version 4.1, we fixed several issues with OpenID Connect clients that were causing early expiration and errors with attributes.

Shibboleth IDP cache support#

Shibboleth IDP user sessions are now cached similarly to other services, allowing them to survive server restarts and be more easily replicated in a clustered environment. See more details in the IDP documentation

Casa and oxd added to installation script#

For convenience, Casa and oxd can now be installed with the standard Community Edition setup script! See all the options in the setup script documentation.

Minor bug fixes and feature improvements#

A variety of bug fixes and UX improvements are included with the latest release. See our complete release notes.

Version 4.0#

Persistence redesign#

In 4.0, the Gluu Server persistence layer is more modular. Previously LDAP was tightly bundled. Now, any persistence mechanism can be supported with a jar file that implements the base Persistence API. The desired mechanism can then be specifed in gluu.properties. Learn more.

Support for Couchbase#

Couchbase Enterprise Edition (EE) is now supported as a persistence mechanism, enabling hyper-scalable authentication and authorization. Learn more.

Extensive Passport redesign#

New UI's in 4.0 enable simpler configuration of inbound identity workflows and improved support for external OpenID Connect Providers ("inbound OpenID"). Read the docs.

No version numbers in packages#

Previously, the version number was included in the Gluu Server package, e.g. gluu-server-3.1.6. Starting in 4.0, the latest stable Gluu Server package name is simply gluu-server. This simplifies version upgrades, server operations, and improves interoperability between Gluu products.

More SAML IDP features#

NameIDs can now be configured inside oxTrust, and SAML ACRS parameters are now supported, which, when used in conjunction with force authentication, enables stepped-up authentication for SAML SPs.

Support for RADIUS authentication#

The Gluu Server now supports two options for RADIUS authentication to enable SSO and 2FA to non-web applications like SSH, VPN, and Wi-Fi:

  • Gluu RADIUS: a free, single-threaded RADIUS implementation based on the TinyRADIUS server; and...

  • Radiator: a robust, commercial AAA server built for ISPs and carriers.

Improved clean up service#

Introduced in CE 3.1.6, cleanService is now more configurable. This service periodically removes unused and expired cache and session-related database entries to improve server performance. Read the docs.

Updated libraries and components#

4.0 includes the latest version of Shibboleth, updated Java libraries and Jetty, and Oracle JDK has been replaced with Amazon Corretto, an open source, production-ready distribution of OpenJDK.

Minor bug fixes and feature improvements#

A variety of bug fixes and UX improvements are included with the latest release. See our complete release notes.