Gluu Crowdfunds OAuth2 strong authentication and API access management software for Apache Web servers.

1
Gluu Crowdfunds OAuth2 strong authentication and
API access management software for Apache Web
servers

• Plugin enables SSO to websites that support
  OpenID Connect 1.0. Early support for the UMA
  OAuth2 profile for authorization may offer
  domains alternatives to CA SiteMinder.
• March 5, 2014 Austin, TX OAuth2 is becoming
  increasingly popular as a protocol to secure
  websites. This crowd-funded plugin for the
  popular Apache Web server will enable system
  administrators to easily protect folders or
  specific APIs without the need to write complex
  code. Gluu today demonstrated deployment of the
  plugin using the Ubuntu Juju orchestration
  platform, enabling instant two-factor
  authentication for an Apache web server.
• 34 contributors from around the world helped to
  fund the CrowdTilt campaign. Three open source
  security companies contributed to the project
  Gluu, ForgeRock, and Symas. For more information
  about the CrowdTilt, see here. 

2
Using a web container plugin to act as the
policy enforcement point is widely used strategy
by commercial Web access management platforms,
for example, Computer Associates SiteMinder
product. The crowd-funded Apache plugin simply
uses OAuth2 to standardize what had previously
been a proprietary protocol, said Gluu CEO and
OX Project Founder Michael Schwartz. It doesnt
make sense for each vendor to have their own
Apache container plugin, said Lasse Andresen,
CTO and co-founder of ForgeRock. Collaboration
on an open source Apache plugin, and other
container plugins such as tomcat and nginx, will
make it easier for system administrators to
centralize authentication and authorization for
their domain. It will also make it easier to
support social login, a key missing component
from earlier proprietary web access management
solutions. OAuth2 builds on previous
authentication standards like LDAP. Were
excited to see how the adoption of new OAuth2
profiles is enabling vendors to leverage their
directory infrastructure to publish information
about people to web and mobile applications in a
secure way, said Marty Heyman, President of
Symas, authors of the popular OpenLDAP
Distribution. Continued enhancements to the
crowdfunded code are planned. For technical
information about how to deploy the OAuth2
Plugin, see here. If you want to see the software
in action, Gluu is participating in an UMA
Webinar with ForgeRock and Computer Associates on
March 20, 2014.
3

• About Gluu
• Gluu provides support for the Gluu Server for
  single sign-on, strong authentication, and web
  access management. A subscription to the Gluu
  Server enables an organization to quickly launch
  open standard based security services for their
  domain on their private or public cloud.
• About ForgeRock
• ForgeRock is redefining identity and access
  management for the modern web including public
  cloud, private cloud, hybrid cloud, social,
  mobile and enterprise environments. ForgeRock
  products support mission-critical operations with
  a fully open source platform. ForgeRocks Open
  Identity Stack powers solutions for many of the
  worlds largest companies and government
  organizations.
• For more information and free downloads, visit
  www.forgerock.com or follow ForgeRock on Twitter.
• About Symas
• Symas is the premier provider of technical
  support services for OpenLDAP, the fastest and
  most advanced Open Source LDAP Directory
  Software.