Gluu embeds TiQR for secure and free multi-factor authentication

1
Gluu embeds TiQR for secure and free multi-factor
authentication
Gluu, a leader in enterprise authorization and
authentication, announced today that its open
source, open standards identity and access
management platform, OX, now ships with free
out-of-the-box support for TiQR multi-factor
authentication. By using OX and TiQR,
organizations can use smart phones to strongly
authenticate people, enabling them to access
websites and mobile applications that are too
sensitive to be protected by passwords
alone.   Its well known that passwords are the
weakest link. Passwords are the root cause of
most of the recent security breaches. But the
road to implementation of stronger forms of
authentication can be expensive and complicated,
said Gluu CEO Mike Schwartz. Now, with a
subscription to the Gluu Server, organizations
can offer application developers and SaaS
partners the option to use standard Web
authentication APIs such as OAuth2 and SAML to
leverage a free mobile, out-of-band two-factor
authentication for increased security.
2
Tiqr makes it easy for a person to enroll their
phone or mobile device, and then use it as an
authentication factor. After logging into a
website, the TiQR server displays a QR code which
only the persons registered mobile device can
scan and validate. It was developed by SURF net,
a non-profit educational network based in the
Netherlands.   TiQRs open-source authentication
solution from SURFnet was the perfect fit for
Gluus enterprise authorization and
authentication platform, said Schwartz. While
there are many good commercial options for
authentication, many of which are well worth the
money, it never hurts to have options. One of our
customers requested TiQR, and we thought it made
sense to make available to everyone. In addition
to TiQR, Gluu currently supports a number of
leading SaaS offerings from partners such as Duo
Security, Toopher, and OneID.   As valuable
content continues to move to the cloud,
organizations are frequently faced with the
challenge of securely authenticating employees
and customers to third party websites and
applications. Schwartz added, as companies
invest in strong authentication solutions, both
commercial and open source, they want to make
sure the maximum number of websites can support
these new credentials. This is accomplished by
publishing standard APIs for authentication,
like OpenID Connect and SAML. So a website would
not need to know anything about TiQR as long as
they stick to one of the
3

• supported APIs. Thats what makes this such a
  good idea let each domain pick the
  authentication mechanisms that make the most
  sense for their business and security
  requirements.
•  
• Demos of the complete integrated solution,
  including standards based single sign-on server
  and TiQR out-of-band authentication are available
  from Gluu.
•  
• For more information, please visit our website
  http//www.gluu.org
•  
• About Gluu
•  
• Gluu provides IT services to large organizations
  to help them design, build, and operate
  authentication and authorization (AA) systems
  to secure web and mobile applications using open
  source software. Gluu leverages open standards
  such as OAuth 2.0, SAML, and RADIUS to enable
  organizational strong authentication, shibboleth
  sso (SSO), and web access management (WAM). The
  OX open source project, maintained by Gluu,
  implements two profiles of Oauth2 OpenID Connect
  for authentication and UMA for authorization.
  Gluus OX management service enables
  organizations to quickly deploy an AA service for
  their Internet domain, on the IAAS platform of
  their choice.

4
Gluus dedicated server delivery model allows
security conscious organizations to centrally
manage authorization and authentication using
their own servers, from inside their own network.
This mitigates a number of security concerns
associated with multi-tenant identity solutions.
In addition, because all the software is open
source, there are no per user licensing fees,
which makes the total cost of ownership markedly
less than proprietary monolithic IAM offerings by
companies like Oracle, IBM and CA. About
TiQR   TiQR was invented at SURFnet and was
built with help from Egeniq and Stroomt. TiQR is
based on Open Standards from the Open
Authentication Initiative (OATH). It uses the
OCRA protocol suite to perform challenge/response
authentication.   Where traditional methods
require you to type in (alpha-) numerical codes
displayed on the web page, we leverage the
ease-of-use of QR tags. And where you normally
would have to copy the response from your phone
by typing it on your computer we make use of the
fact that almost all modern phones have Internet
connectivity. This is the secret behind TiQRs
ease of use.