The DE repo and all the individual DE components are actually licensed under the [Gluu Support license](https://github.com/GluuFederation/gluu-docker/blob/3.1.4/LICENSE), which means a support contract is needed with Gluu or one of our OEM partners for use after 30 days.
> running a VM with 4Gb for just 30 users is going to be quite resource heavy and not too scaleable.
Agreed. Whats the business case for multi-tenancy? The value of the users would need to be very high to justify the costs associated with deploying and operating a dedicated authentication service.
LDAP, oxAuth, and oxTrust are all required for your OpenID Connect service, so you need those in each instance of Gluu. SAML is optional, but a memory hog, and it sounds like you need that as well since you mentioned Shibboleth is installed. That too would need to be installed where ever you want to support SAML.
We specify 4GB because you don't want your authentication service to run out of memory and crash.. with so few users, you might be able to get by with less, but it's not something we recommend or test for.
In general, Gluu is built for high-end requirements, so unless the value of the users is very high, I'm not sure this is a good use case.
If you'd like to discuss technology / business further, let's do it on a call. Just grab a convenient time: