WSO2 Identity Server, last week named a Strong Performer in Customer Identity and Access Management (CIAM) by Forrester, and Gluu are identity solutions used to manage users, roles, permissions and application permission in a centralized way. In my previous blog, I compared WSO2 Identity Server and ForgeRock. In this blog, I compare WSO2 Identity Server and Gluu, based on industry-standard features for identity providers (IdPs).
As both WSO2 Identity Server and Gluu are aimed at the same goal, there is of course overlap between these products.
- Single Sign-On: This feature helps to sign in with single Id and Password to any of several related, yet independent, software systems. Both support SSO through SAML and Open-Id.
- Users and Roles: Both WSO2 Identity Server and Gluu support users and roles.
- User Attribute Mapping: Both WSO2 Identity Server and Gluu support adding custom user attributes and mapping.
- Identity Federation: Both WSO2 Identity Server and Gluu support industry standard Federation to external IdP using SAML/OpenID connect with user attribute mapper.
- One-Time Password: Both WSO2 Identity Server and Gluu support TOTP, Google Authenticator, OTP.
- SCIM: Both WSO2 Identity Server and Gluu supports SCIM.
Additionally, there are some differences between the product features of WSO2 Identity Server and Gluu, although they seem rather minor.
- OpenJDK Support: WSO2 Identity Server supports OpenJDK whereas Gluu doesn’t.
- JDBC support: WSO2 Identity Server stores application based data in JDBC store where as Gluu stores it in LDAP.
- Workflow: Gluu does not include features for approvals and workflows, etc. WSO2 Identity Server supports BPM Workflow Engine.
- Multitenancy: WSO2 Identity Server supports multitenancy whereas Gluu doesn’t.
- JDBC based User-Stores: WSO2 Identity Server support JDBC based User-Store whereas Gluu doesn’t.
- Multiple User-Stores: WSO2 Identity Server support multiple LDAP and JDBC based User-Store whereas Gluu doesn’t.
- Identity Federation: Gluu supports Identity federation but it seems to be very complex in nature. While in WSO2 Identity Server it very easy to configure.
- Social Login: WSO2 Identity Server provide OOB social login where as Gluu support it through Passport.js.
- Inbound/Outbound Identity Provisioning: WSO2 Identity Server support Inbound/Outbound Identity Provisioning whereas Gluu does not.
- Multi Step Authentication: WSO2 Identity Server supports multi-step authentication. This cannot be configured in Gluu.
- E-Mail and SMS OTP: WSO2 Identity Server support E-Mail and SMS OTP but Gluu does not.
- Legal (GDPR): WSO2 Identity Server fully adheres to GDPR regulations where there is no GDPR support for Gluu.
Now that we’ve had a look at the product features, it’s time walk through the pricing strategies of each of these products.
Non-commercially / Proof of Concept (PoC)
Both products are completely free to use in a non-commercial setting or for attempting a proof of concept scenario.
|Type||Costs – WSO2||Costs – Gluu|
|Non-commercial use – full product||Free – forever||Gluu Identity Platform doesn’t reveal its enterprise pricing details. Contact the vendor for a custom price quote.|
|Commercial self-hosted||WSO2 Identity Server offers an annual subscription based on cores.||Gluu Identity Platform doesn’t reveal its enterprise pricing details. Contact the vendor for a custom price quote.|
As we can see, above products on the surface seems to be similar in basic IdP functionalities. However, if you dig deeper, we know that the Gluu components merely satisfy simple, rudimentary requirements. Gluu IdP as name suggests is glued package of ‘off the shelf’ open source products and some of their own pieces. It’s also unknown how well all the parts would work together and how well Gluu could support components built by someone else. Features supported by Gluu are okay for small business but they mostly are not sufficient for more complex, enterprise applications and portals. Missing support for GDPR compliance is also a major drawback for Gluu. In that case, but actually in all cases, I suggest WSO2 Identity Server: a strong and leading product, indicated by Forrester Wave™ and KuppingerCole Leadership Compass.