Ldapwiki: Web Blog_blogentry_170617

2017-06-17#

Gluu Server #

The Gluu Server includes a variety of components, each of which serves a different purpose. You can use any or all of the following:

oxShibboleth - an open-source, single sign-on server used by more than 5,000 organizations
gluu-Asimba - a platform that allows you to consolidate Security Assertion Markup Language (SAML) authentication and Identity Provider (IDP)
oxAuth - Gluu’s IDP and User-Managed Access (UMA) authorization server
Gluu LDAP - Gluu’s version of OpenDJ, an open-source directory service
oxTrust - Gluu’s server administrator app used to manage and configure sign ons, authentication, access, and scripts
OXD - is a mediator, a service demon that listens on localhost, providing easy APIs that can be called by a web application to simplify using an OpenID Connect Provider, like Google or the Gluu Server, for authentication or authorization. oxd is not a proxy--sometimes it makes API calls on behalf of an application, but other times it just forms the right URLs and returns them to the application.

Using oxd to support federation in an application provides both technical and business advantages:

oxd consolidates the OAuth2 code in one package. If new vulnerabilities are discovered in OAuth2/OpenID Connect, oxd is the only component that needs to be updated. The oxd APIs remain the same, so you don’t have to change and regression test your applications;

oxd is written, maintained, and supported by developers who specialize in application security. Because of the complexity of the standards–and the liability associated with poor implementations–it makes sense to rely on professionals who have read the specifications in their entirety and understand how to properly implement the protocols;

Centralization reduces costs. By using oxd across your IT infrastructure for application security (as opposed to a handful of homegrown and third party OAuth2 implementations), the surface area for vulnerabilities, issue resolution, and support is significantly reduced. Plus you have someone to call when something goes wrong!