Five+ years of
Gluu 4.x

Gluu 4 represents 14 years of innovation and teamwork. It's a stable distribution you can rely on for years to come.


Very large deployments where control of scalability is critical. With Gluu’s cloud-native distribution, you can scale out by adding more servers–automatically on the fly. No matter what your performance requirements are, the Gluu Server can handle it. Gluu is the only identity platform that can take advantage of Couchbase’s next-generation persistence capabilities.


Multi-tenant cloud-hosted identity services mix your personal data in a shared database with lots of other customers. It also means that secrets, like user passwords and client credentials, are stored in the cloud. By self-hosting a Gluu Server, you know where your personal data resides


The Gluu Server is very flexible. You can add custom code to integrate backend systems at many points in the authentication and authorization workflow. We don’t waste your time with a fancy workflow GUI. We define many interfaces, and let you write a little bit of Python or Java code to implement the exact logic you need to get the job done.

Take a closer look at Gluu 4


The core OpenID Connect identity provider and OAuth authorization server that renders login pages, authenticates clients and issues tokens. The oxAuth component of Gluu 4 is one of the most comprehensive OAuth and OpenID Connect Providers available that has submitted numerous certifications

Casa is both an OOTB authentication flow, and an extensible self-service web portal for end-users to view, add and enroll MFA credentials. What happens when you lose your MFA credential? With Casa, end-users have a website to remove lost credentials, and to enroll a replacement! Plugins are available for FIDO, OTP, Super Gluu, SMS, smart card, and Duo, and more. You can also write your own plugin. more info

Gluu 4 supports LDAP, Couchbase and RDBMS databases. Choosing the right persistence mechanism is critical for the performance and availability of any identity platform. LDAP is a good choice when your data fits in one server. SQL is great for many situations, but especially when an RDBMS database service is already available.  Couchbase is great when you need a sharded, multi-datacenter, self-hosted deployment.

Federation broker for SAML IDPs and social login. If your partners or customers have their own SAML IDP, or you want to use a social identity provider, passport enables you to normalize authentication and to map user claims on a per IDP basis.

Gluu 4 uses Passport-js as a federation broker for SAML IDPs and social login. Passport enables you to normalize authentication and to map user claims on a per IDP basis. Passport is invoked with via a person interception script, which gives you some more flexibility if you have business specific requirements.

Shibboleth SAML IDP

Using the Shibboleth IDP, you can achieve SSO with SAML websites (SP’s). With the Gluu Server, no need to hand edit confusing XML files–use the admin UI (or config API) to create trust relationships and release attributes to websites. The Gluu oxTrust component renders the configuration you need.

Admin UI
oxTrust Admin

Easy to use web interface for configuration.
The Admin web UI is nice for ad hoc configuration. You can also use the oxTrust config API to achieve more automation.

Single Sign-On

Gluu 4

This is the original “Gluu Server”, and will be supported by Gluu until 2030. It’s proven solution used by enterprises who want to operate either a consumer or workforce facing federated identity provider (IDP).
Common use cases include:

Features and Entitlements

Support and license entitlements for Gluu open source products and services.
Support Portal

The Gluu Support Portal is the primary mechanism to triage support if you have a Gluu Subscription that includes support. Refer to your support contract for the severity-based response time guidelines. The Gluu support team is notified 24x7x365 and issues are automatically escalated.

Support SLAs

The FIDO registration and authentication pattern adds a cryptographic challenge and response to verify the device was previously registered.

Consultative Support

Your Gluu Subscription may include an allocation of hours to schedule ad hoc Zoom calls with the Gluu engineering team. You can use these consultative sessions to review application design, obtain training, or dive deeper into a topic of your choice. Advance notice is required so Gluu can schedule the appropriate resources. Consultative support hours are “use-it-or-lose-it”, i.e. they don’t accumulate.

Functional and Devops Support

Application developers and deployers have different sets of challenges. The former frequently need to know how to use the Gluu Server and the latter how to operate it. Functional support issues are more common at the start of access management projects. DevOps support is critical for the production rollout and subsequent operation.

Prioritization Feature Requests

Feature requests for customers with a Gluu Subscription always get priority attention. Gluu cannot guarantee to add new features based on these requests. This decision is ultimately made by the product team, and in some cases, in collaboration with the open-source community that leads development. But if possible, customer requests are accommodated.

Cluster Manager
Cluster Manager is a deployment tool that makes it easier to configure a cluster of Gluu Servers on virtual machines. It saves time by automating many manual tasks and makes your cluster easier to upgrade. Cluster Manager is commercially licensed. Subscriptions give your organization the right to use the software on an annual basis.