OAuth2 is becoming increasingly popular as a protocol to secure websites. This crowd-funded plugin for the popular Apache Web server will enable system administrators to easily protect folders or specific APIs without the need to write complex code. Gluu today demonstrated deployment of the plugin using the Ubuntu Juju orchestration platform, enabling instant two-factor authentication for an Apache web server.

1. GLUU CROWDFUNDS OAUTH2 STRONG AUTHENTICATION
AND API ACCESS MANAGEMENT SOFTWARE FOR APACHE
WEB SERVERS
Plugin enables SSO to websites that support OpenID Connect 1.0. Early
support for the UMA OAuth2 profile for authorization may offer domains
alternatives to CA SiteMinder.
March 5, 2014 – Austin, TX — OAuth2 is becoming increasingly popular
as a protocol to secure websites. This crowd-funded plugin for the
popular Apache Web server will enable system administrators to easily
protect folders or specific APIs without the need to write complex code.
Gluu today demonstrated deployment of the plugin using the Ubuntu
Juju orchestration platform, enabling instant two-factor authentication for
an Apache web server.
34 contributors from around the world helped to fund the CrowdTilt
campaign. Three open source security companies contributed to the
project: Gluu, ForgeRock, and Symas. For more information about the
CrowdTilt, see here.

2. “Using a web container plugin to act as the policy enforcement point is widely used
strategy by commercial Web access management platforms, for example,
Computer Associates’ SiteMinder product. The crowd-funded Apache plugin simply
uses OAuth2 to standardize what had previously been a proprietary protocol,” said
Gluu CEO and OX Project Founder Michael Schwartz.
“It doesn’t make sense for each vendor to have their own Apache container plugin,”
said Lasse Andresen, CTO and co-founder of ForgeRock. “Collaboration on an
open source Apache plugin, and other container plugins such as tomcat and nginx,
will make it easier for system administrators to centralize authentication and
authorization for their domain. It will also make it easier to support social login, a
key missing component from earlier proprietary web access management
solutions.”
OAuth2 builds on previous authentication standards like LDAP. “We’re excited to
see how the adoption of new OAuth2 profiles is enabling vendors to leverage their
directory infrastructure to publish information about people to web and mobile
applications in a secure way,” said Marty Heyman, President of Symas, authors of
the popular OpenLDAP Distribution.
Continued enhancements to the crowdfunded code are planned. For technical
information about how to deploy the OAuth2 Plugin, see here. If you want to see
the software in action, Gluu is participating in an UMA Webinar with ForgeRock and
Computer Associates on March 20, 2014.

3. About Gluu:
Gluu provides support for the Gluu Server for single sign-on, strong authentication,
and web access management. A subscription to the Gluu Server enables an
organization to quickly launch open standard based security services for their
domain on their private or public cloud.
About ForgeRock:
ForgeRock is redefining identity and access management for the modern web
including public cloud, private cloud, hybrid cloud, social, mobile and enterprise
environments. ForgeRock products support mission-critical operations with a fully
open source platform. ForgeRock’s Open Identity Stack powers solutions for many
of the world’s largest companies and government organizations.
For more information and free downloads, visit www.forgerock.com or follow
ForgeRock on Twitter.
About Symas:
Symas is the premier provider of technical support services for OpenLDAP, the
fastest and most advanced Open Source LDAP Directory Software.