Press Releases


Back to Resources

Gluu Crowdfunds OAuth2 strong authentication and API access management software for Apache Web servers.


Plugin enables SSO to websites that support OpenID Connect 1.0. Early support for the UMA OAuth2 profile for authorization may offer domains alternatives to CA SiteMinder.

March 5, 2014 – Austin, TX — OAuth2 is becoming increasingly popular as a protocol to secure websites. This crowd-funded plugin for the popular Apache Web server will enable system administrators to easily protect folders or specific APIs without the need to write complex code. Gluu today demonstrated deployment of the plugin using the Ubuntu Juju orchestration platform, enabling instant two-factor authentication for an Apache web server.

34 contributors from around the world helped to fund the CrowdTilt campaign. Three open source security companies contributed to the project: Gluu, ForgeRock, and Symas. For more information about the CrowdTilt, see here

“Using a web container plugin to act as the policy enforcement point is widely used strategy by commercial Web access management platforms, for example, Computer Associates’ SiteMinder product. The crowd-funded Apache plugin simply uses OAuth2 to standardize what had previously been a proprietary protocol,” said Gluu CEO and OX Project Founder Michael Schwartz.

“It doesn’t make sense for each vendor to have their own Apache container plugin,” said Lasse Andresen, CTO and co-founder of ForgeRock. “Collaboration on an open source Apache plugin, and other container plugins such as tomcat and nginx, will make it easier for system administrators to centralize authentication and authorization for their domain. It will also make it easier to support social login, a key missing component from earlier proprietary web access management solutions.”

OAuth2 builds on previous authentication standards like LDAP. “We’re excited to see how the adoption of new OAuth2 profiles is enabling vendors to leverage their directory infrastructure to publish information about people to web and mobile applications in a secure way,” said Marty Heyman, President of Symas, authors of the popular OpenLDAP Distribution.

Continued enhancements to the crowdfunded code are planned. For technical information about how to deploy the OAuth2 Plugin, see here. If you want to see the software in action, Gluu is participating in an UMA Webinar with ForgeRock and Computer Associates on March 20, 2014.

About Gluu:
Gluu provides support for the Gluu Server for single sign-on, strong authentication, and web access management. A subscription to the Gluu Server enables an organization to quickly launch open standard based security services for their domain on their private or public cloud.

About ForgeRock:
ForgeRock is redefining identity and access management for the modern web including public cloud, private cloud, hybrid cloud, social, mobile and enterprise environments. ForgeRock products support mission-critical operations with a fully open source platform. ForgeRock’s Open Identity Stack powers solutions for many of the world’s largest companies and government organizations. For more information and free downloads, visit www.forgerock.com or follow ForgeRock on Twitter.

About Symas:
Symas is the premier provider of technical support services for OpenLDAP, the fastest and most advanced Open Source LDAP Directory Software.

Get News and Product Updates