Super Gluu

This mobile application can be used to achieve multi-factor authentication to a Gluu Server. It supports two workflows. It can be used as a one-step authentication to a website, where the person scans a QR code, and the Gluu Server looks up what person is associated with that phone. It can also be used for a two step authentication, where the person logs into a website with username and password, and then the person receives an out of band push notification to the mobile device to authorize access.

The Gluu Server does more than look at the device ID to grant access. This application uses the FIDO U2F endpoints on the Gluu Server to enroll a public key. When authentication happens, there is a challenge response to ensure that the device has the respective private key.

Funding for this project was provided as part of a NSTIC pilot. The base code is available on Github at https://github.com/GluuFederation/oxPush2 This means that if you want to brand the application with your own logo, and make it available on the App Store, you are welcome to do so.

The Gluu Server is an identity and access management suite that implements the SAML, OpenID Connect, UMA and other OAuth2 profiles. Free open source distributions are available for several linux distributions, including Centos, Ubuntu and Red Hat. The goal of the Gluu Server is to enable organizations to provide central API's for user authentication and API access management. For more information, please see our website http://gluu.org