Title: Gluu embeds TiQR for secure and free multi-factor authentication
1Gluu embeds TiQR for secure and free multi-factor
authentication
Gluu, a leader in enterprise authorization and
authentication, announced today that its open
source, open standards identity and access
management platform, OX, now ships with free
out-of-the-box support for TiQR multi-factor
authentication. By using OX and TiQR,
organizations can use smart phones to strongly
authenticate people, enabling them to access
websites and mobile applications that are too
sensitive to be protected by passwords
alone. Its well known that passwords are the
weakest link. Passwords are the root cause of
most of the recent security breaches. But the
road to implementation of stronger forms of
authentication can be expensive and complicated,
said Gluu CEO Mike Schwartz. Now, with a
subscription to the Gluu Server, organizations
can offer application developers and SaaS
partners the option to use standard Web
authentication APIs such as OAuth2 and SAML to
leverage a free mobile, out-of-band two-factor
authentication for increased security.
2Tiqr makes it easy for a person to enroll their
phone or mobile device, and then use it as an
authentication factor. After logging into a
website, the TiQR server displays a QR code which
only the persons registered mobile device can
scan and validate. It was developed by SURF net,
a non-profit educational network based in the
Netherlands. TiQRs open-source authentication
solution from SURFnet was the perfect fit for
Gluus enterprise authorization and
authentication platform, said Schwartz. While
there are many good commercial options for
authentication, many of which are well worth the
money, it never hurts to have options. One of our
customers requested TiQR, and we thought it made
sense to make available to everyone. In addition
to TiQR, Gluu currently supports a number of
leading SaaS offerings from partners such as Duo
Security, Toopher, and OneID. As valuable
content continues to move to the cloud,
organizations are frequently faced with the
challenge of securely authenticating employees
and customers to third party websites and
applications. Schwartz added, as companies
invest in strong authentication solutions, both
commercial and open source, they want to make
sure the maximum number of websites can support
these new credentials. This is accomplished by
publishing standard APIs for authentication,
like OpenID Connect and SAML. So a website would
not need to know anything about TiQR as long as
they stick to one of the
3- supported APIs. Thats what makes this such a
good idea let each domain pick the
authentication mechanisms that make the most
sense for their business and security
requirements. -
- Demos of the complete integrated solution,
including standards based single sign-on server
and TiQR out-of-band authentication are available
from Gluu. -
- For more information, please visit our website
http//www.gluu.org -
- About Gluu
-
- Gluu provides IT services to large organizations
to help them design, build, and operate
authentication and authorization (AA) systems
to secure web and mobile applications using open
source software. Gluu leverages open standards
such as OAuth 2.0, SAML, and RADIUS to enable
organizational strong authentication, shibboleth
sso (SSO), and web access management (WAM). The
OX open source project, maintained by Gluu,
implements two profiles of Oauth2 OpenID Connect
for authentication and UMA for authorization.
Gluus OX management service enables
organizations to quickly deploy an AA service for
their Internet domain, on the IAAS platform of
their choice.
4Gluus dedicated server delivery model allows
security conscious organizations to centrally
manage authorization and authentication using
their own servers, from inside their own network.
This mitigates a number of security concerns
associated with multi-tenant identity solutions.
In addition, because all the software is open
source, there are no per user licensing fees,
which makes the total cost of ownership markedly
less than proprietary monolithic IAM offerings by
companies like Oracle, IBM and CA. About
TiQR TiQR was invented at SURFnet and was
built with help from Egeniq and Stroomt. TiQR is
based on Open Standards from the Open
Authentication Initiative (OATH). It uses the
OCRA protocol suite to perform challenge/response
authentication. Where traditional methods
require you to type in (alpha-) numerical codes
displayed on the web page, we leverage the
ease-of-use of QR tags. And where you normally
would have to copy the response from your phone
by typing it on your computer we make use of the
fact that almost all modern phones have Internet
connectivity. This is the secret behind TiQRs
ease of use.