Industry Standards

Gluu is built on established industry standards that are proven and tested, supporting the security of your organization over the long term.

OpenID Connect Provider (OP)

OpenID Connect leverages the OAuth 2.0 framework to define ways for software to verify the identity of a person based on the authentication performed by an OAuth Authorization Server. Web, mobile, or JavaScript software clients can use different flows defined in the OpenID Connect specifications to enable trusted exchange of information between domains without sacrificing a person’s consent.

The OpenID Provider (OP) is the equivalent of a SAML Identity Provider (IDP). It holds end user credentials (like a username/password) and personally identifiable information. During a single sign-on (SSO) login flow, end users are redirected to the OP for authentication. Many OpenID Connect flows derive trust from the TLS connection between a person’s browser and the OP. Thus, OpenID Connect leverages the technology most commonly available today.

Why you need it

Despite OAuth’s close association with authentication, if you want to use it for web or mobile login, you should use OpenID Connect. Both a profile and extension of OAuth, OpenID Connect defines some of the features necessary to use OAuth for federated identity.

Gluu OpenID Certification

The OpenID Foundation enables deployments of OpenID Connect and the Financial-grade API (FAPI) Read/Write Profile to test against specific conformance profiles to promote interoperability among implementations. The OpenID Foundation’s certification process utilizes self-certification and conformance test suites developed by the Foundation.
