Scale and Flexibility with Zero Trust
Scales to Billions
Need to handle many thousands of authentications per second? If so, it’s better to scale out (by adding more servers), not up (by adding more memory and compute). Gluu enables you to horizontally scale both the web and persistence resources as needed to meet any level of burstiness.
Enterprises are moving to open source infrastructure software for a reason: community-developed software results in more innovation and less bugs. Nothing builds trust like source code. At Gluu, we’re committed to both leading and contributing to the open source projects which comprise our distribution.
Open Web Standards
The most modern federated identity protocol based on OAuth, use OpenID to centralize authentication for web and mobile applications. Based on published OpenID Provider conformance profiles, the Gluu Server is the most comprehensive OpenID Connect Provider implementation available.
Everyone knows passwords are not secure. FIDO offers an alternative to passwords–cryptographic authentication using hardware or software. FIDO is not limited to just Yubikeys. Laptops and smartphones are building FIDO into their hardware. Gluu has a full FIDO server stack.
User Managed Access
The UMA standard provides a way to interact with a person post-authentication. A common use case is to get consent. Other use cases arise around asynchronous interactions, like when two people need to sign a check, and maybe one is not online at the moment. Gluu has a complete UMA 2.0 stack.
SAML is used by lots of existing web applications and SaaS services. It’s old, but reliable. You won’t want to use SAML for mobile applications or SPA’s. But if you have an off-the-shelf application that supports SAML, it’s a reasonable way to integrate it. The Gluu Server maintains SSO across OpenID and SAML websites.
Plain old OAuth should be your go-to strategy to secure API’s. Developers know it, and there are many products and libraries that make it easier. Gluu supports both reference and value tokens (JWTs). And using the Gluu interception scripts, you can call API’s or add business logic to add extra information into access tokens.
If you need to add user information into the Gluu Server, the best way to do so is to call the /Users endpoint using the SCIM protocol. To do so, you’ll need to present an authorized access token. Network protection is also recommended for the SCIM API. Using SCIM for integration protects you from needing to know database implementation details, like schema.
The Gluu LDAP Server is our fork of the OpenDJ directory server. While we generally don’t recommend exposing the LDAP interface to the network, sometimes the Gluu LDAP server provides a convenient central publication point for user information. Using the Cache Refresh service, you can also synchronize data from other LDAP sources.
Gluu ships with a very small Radius Server. It’s not meant for high performance requirements. For scale and concurrency, we recommend the open source Radius server called Radiator. But if you just have some ad hoc Unix logins, and you want to use Super Gluu for authentication, this little Radius server can get the job done for you!
Gluu publishes Linux packages for Ubuntu, Debian, Centos and RedHat. Customers with a VIP subscription can also use our Cluster Manager deployment tool to quickly set up a highly available cluster of Gluu Servers.
Cloud native is the way to go if you have the skills. There are just so many advantages: auto-scaling, zero downtime updates, declarative configuration, advanced tooling.
We love cloud native.
And we’re working hard to keep developing the tools you need to maintain the ease-of-use we’re famous for in the VM world.
SSO is an important use case for employee productivity, and for customer-facing user experience. With Gluu, SSO is maintained simultaneously across OpenID and SAML websites. Gluu also provides some great strategies to manage the equally as important SLO: single logout.
API Access Management
The Gluu Server is an OAuth Authorization Server (“AS”), one of the important components of any API access management infrastructure. The AS authenticates clients (like websites) and issues access tokens. Gluu supports both reference tokens and value tokens (i.e. JWT’s).
Gluu ships with out-of-the-box support for many 2FA mechanisms, like FIDO, OTP, SMS, smart card, Duo, and many more. The Gluu Platform also offers a unique self-service portal called Casa, which enables end users to manage their 2FA credentials, much like they would do at Google.
Customer Identity and Access
One of the key use cases for Gluu is CIAM. That’s because Gluu gives you incredible flexibility and control over the user experience and backend integration. If you have millions of customers (or citizens), Gluu is an excellent choice to serve as the central authentication service.
Sometimes your organization is not the source of identity–you may need to rely on a customer or partner’s identity provider. Gluu enables you to rely on a SAML, OpenID or social identity provider, and to map user claims for each to meet the needs of your business.