When your authentication needs to meet the rigors of military-grade or government identity and access management, you can count on the Gluu Server to perform
Defense in Depth
Gluu can be deployed on RHEL 8 using the DISA-STIG security profile, which restricts the system to cryptographic modules validated under FIPS 140-2 and applies further hardening, such as SELinux in enforcing mode and the kernel security settings the STIG mandates.
As a self-contained Linux software package, the Gluu Server digital identity platform can operate in a disconnected or air-gapped environment. Gluu's modular components mean you run only the services you actually need, minimizing your attack surface. For example, if you don't need SAML, don't run the SAML IDP.
Using the standard Apache web server from RHEL 8 as the front end of the Gluu Server, you can protect OpenID Connect or SAML websites with CAC or PIV card authentication. Because CAC/PIV login is TLS client-certificate authentication, the trust anchors and the revocation check are enforced by Apache's mod_ssl before a request ever reaches the identity provider, and multi-hop OCSP revocation topologies (a responder reached through a proxy or forwarder) are supported as well.
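The following virtual host shows how such a front end is wired up in httpd 2.4 / mod_ssl. It is an added illustration, not Gluu's shipped configuration: the hostnames, file paths, the `/pki-login` endpoint, the `X-Client-Cert` header name and the backend port are all assumptions. Client certificates are requested on every connection but only enforced on the login location, which avoids TLS renegotiation and lets users without a card reach the other authentication methods on the same host.

```apache
<VirtualHost *:443>
    ServerName idp.example.gov

    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCertificateFile    /etc/pki/tls/certs/idp.example.gov.crt
    SSLCertificateKeyFile /etc/pki/tls/private/idp.example.gov.key

    # Trust anchors for the card certificates: the DoD / Federal PKI bundle from
    # your PKI office (assumed path; the bundle itself is not part of this example).
    SSLCACertificateFile  /etc/pki/tls/certs/fpki-ca-bundle.pem
    SSLVerifyDepth        5

    # Ask for a client certificate but do not fail the handshake without one.
    # A certificate that IS presented must still chain to the bundle above and
    # pass the OCSP check, otherwise the handshake is rejected.
    SSLVerifyClient optional
    SSLOptions +StdEnvVars +ExportCertData

    # Revocation: query the responder named in the certificate's AIA extension,
    # fall back to a default responder, and never wait indefinitely.
    SSLOCSPEnable on
    SSLOCSPDefaultResponder http://ocsp.example.gov/
    SSLOCSPResponderTimeout 5
    # Extra hop: when responders are only reachable through an HTTP proxy.
    SSLOCSPProxyURL http://ocsp-proxy.internal.example.gov:8080/

    # Never let a client smuggle its own copy of the certificate header.
    RequestHeader unset X-Client-Cert

    # Hypothetical certificate-login endpoint: only here is a verified card required.
    <Location "/pki-login">
        Require expr %{SSL_CLIENT_VERIFY} == 'SUCCESS'
        # Hand the verified certificate to the IdP so it can map it to an account.
        RequestHeader set X-Client-Cert "%{SSL_CLIENT_CERT}s"
    </Location>

    # Everything is proxied to the identity provider's application server (port assumed).
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>
```

Two checks worth running after deploying something like this: confirm with `openssl s_client -connect idp.example.gov:443 -cert card.pem -key card.key` that a revoked test certificate is refused at the handshake (that proves OCSP is actually consulted), and confirm that a request to any path other than the login location with a forged `X-Client-Cert` header arrives at the backend without it.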
For people who need access to web applications but may not have a CAC or PIV card (yet), you can leverage other strong authentication technologies that meet a NIST SP 800-63B Authenticator Assurance Level (AAL), like FIDO (i.e. W3C WebAuthn), OATH TOTP/HOTP, SMS or even email authentication. FIDO authentication resists phishing and MITM attacks because the signed assertion is bound to the relying party's origin, much as mutual TLS, one of the most important security properties of CAC/PIV cards, binds the client to the server it is actually talking to. SMS and email one-time codes carry no such binding and sit at the low end of the assurance scale (NIST lists SMS as a restricted authenticator), so treat them as fallbacks rather than equivalents.
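OATH HOTP (RFC 4226) and TOTP (RFC 6238) are simple enough to show end to end, and the server side is where deployments go wrong. The example below is added here and is not Gluu code: it generates codes and verifies them the way an identity provider should, with a bounded resynchronization window for clock skew or skipped counters, and with rejection of any code at or before the last one already accepted, so a captured code cannot be replayed. The secret is the RFC test secret; the `look_ahead` and `window` sizes are assumptions you would tune per policy.

```python
"""OATH HOTP (RFC 4226) and TOTP (RFC 6238): generation plus safe verification.

Added example, not part of any Gluu component. Uses the RFC test secret.
"""
import hmac
import struct

# Shared test secret from RFC 4226 Appendix D / RFC 6238 Appendix B (ASCII digits).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """HOTP = Truncate(HMAC(K, C)) mod 10^digits, C being a 64-bit big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte selects a 4-byte window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF   # drop the sign bit
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """TOTP is HOTP whose counter is the number of `step`-second intervals since t0."""
    return hotp(secret, (unix_time - t0) // step, digits, algorithm)


def verify_hotp(secret: bytes, code: str, counter: int, look_ahead: int = 10,
                digits: int = 6, algorithm: str = "sha1"):
    """Server-side HOTP check.

    `counter` is the next counter value the server expects. Codes for that value or
    up to `look_ahead` values beyond it are accepted (the user may have generated
    codes without logging in). Returns the new counter to persist (one past the
    accepted value) or None. Anything below `counter` is never accepted: replay.
    """
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, digits, algorithm).encode(), code.encode()):
            return c + 1
    return None


def verify_totp(secret: bytes, code: str, unix_time: int, last_used_step=None,
                window: int = 1, step: int = 30, digits: int = 6, algorithm: str = "sha1"):
    """Server-side TOTP check.

    Accepts the current time step or up to `window` steps either side (clock skew).
    Returns the matching step; the caller persists it and passes it back as
    `last_used_step` next time, which makes each code single-use. None on failure.
    """
    current = unix_time // step
    for candidate in range(current - window, current + window + 1):
        if last_used_step is not None and candidate <= last_used_step:
            continue                                          # already consumed or older: replay
        expected = totp(secret, candidate * step, step, 0, digits, algorithm)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return candidate
    return None


if __name__ == "__main__":
    # RFC 4226 Appendix D gives 755224 for counter 0; RFC 6238 Appendix B gives
    # 94287082 (8 digits, SHA-1) for T = 59.
    print("HOTP(0):", hotp(RFC_TEST_SECRET, 0))
    code = totp(RFC_TEST_SECRET, 59, digits=8)
    print("TOTP(59):", code)
    step = verify_totp(RFC_TEST_SECRET, code, 59 + 20, digits=8)   # 20 s of skew, still accepted
    print("accepted at step", step)
    print("replay accepted?", verify_totp(RFC_TEST_SECRET, code, 59 + 20, last_used_step=step, digits=8))
```

Two details matter in practice: the comparison is constant-time (`hmac.compare_digest`) so a code cannot be guessed digit by digit from timing, and the persisted `last_used_step` / next HOTP counter must be updated atomically with the successful check, or two concurrent requests with the same code can both succeed.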
With our recent completion of FIPS 140-2 conformance, we’re excited that even more customers will benefit from the security and ease of use of this profile, particularly those with compliance requirements outlined by the U.S. National Institute of Standards and Technology (NIST).
Using FIPS-validated MFA is a requirement for many regulated industries, U.S. federal and state government agencies, and government contractors or suppliers.
Providers of cloud services to the U.S. government must also use FIPS 140-2 validated cryptographic modules to meet FedRAMP requirements, and FIPS-validated MFA to meet the elevated FedRAMP Moderate or High baselines.