In a lot of ways, not that much is new–the goal of Gluu Server 4.x is stability. But, we did add a few new features people have been requesting:
Amazon Aurora and Google Spanner support for Gluu Server Cloud Native (“Gluu CN”)
Cloud Native design principles instruct us to use cloud services where possible, and nowhere does this make more sense than with regard to persistence. The performance on these two horizontally scalable database services is excellent. Using cloud databases with the Gluu Server will help your organization operate a highly available, geographically distributed identity service with greater ease.
Support for FIDO 2.0 platform authenticators (e.g. Apple TouchID)
The Gluu Server includes a standalone FIDO server which validates and registers credentials. Now that server supports “platform authenticators”–FIDO devices that are built into hardware like mobile phones and laptops. In 4.3, there is also an upgraded Casa plugin to enable users to manage their platform FIDO devices (i.e. register, remove). And platform devices are also available for API-based management via Gluu’s FIDO SCIM extension.
Improvements to the SCIM API
SCIM is a popular JSON/REST API for performing user management. In 4.3, we tweaked the SCIM API interception script for the GET operation. Previously, this script was executed after the database query was executed. Now, it’s executed before, enabling you to optimize the database filter before it runs, improving efficiency. Gluu 4.3 also introduces two new security models for SCIM: OAuth and None. See the docs for more info!
More metrics! You can now get data on “monthly active users”
Calculating monthly active users is tricky, because it can impact performance by consuming RAM or persistence. So we integrated a new feature that algorithmically calculates monthly active users and stores the data centrally for reporting. This will enable you to give more information back to business users about how end users utilize your digital identity service.
Shibboleth IDP: major update to version 4.1.4
The Shibboleth Foundation is hard at work upgrading the server (and not giving you a lot of time to get current). Gluu 4.3 has the latest Shibboleth IDP bits, which include no noticeable improvements, because nothing in SAML ever changes.
A new VM distribution for SUSE Enterprise Linux (SLES 15 sp3)
Now that SUSE is the largest independent open source company, we thought it was time to finally support their Linux Distro. So happily, SUSE Linux Enterprise Server 15 SP3 is now available for testing. You might want to wait until 4.3.1 to put it into production, as it’s a new release. But let us know what you think!
A new VM distribution for RHEL 8 with the DISA STIG security profile
The RHEL 8 DISA STIG security profile enables organizations to implement security policies on their servers to align with the US Department of Defense’s guidelines for hardening that operating system. There are over 200 security recommendations that are implemented. Some of the notable ones include: central crypto policy enforcement, a new file security demon called fapolicyd, and of course configuration for SELinux, the universally loved kernel security enforcement mechanism among linux administrators. This new distribution of the Gluu Server upgrades the default configuration profile and some of the TLS libraries to make your distribution FIPS 140-2 conformant.
If you need help with the upgrade, reach out to our sales team by scheduling a meeting at https://gluu.org/booking.
Gluu also has a network of partners around the world who can help you to upgrade on time and on budget.