An apache authentication module needs to be programmed to support Crowd.

This will involve writing a C/C++ client that will call the /crowd/services/SecurityServer?wsdl and authenticate a user through http-form based authentication.

The SecurityServerClient can serve as a good starting point for how to connect to the security server, get a valid authentication token and then query if the user has a valid username and password.

This following how-tos describes how the LDAP module works, which would be similar to the Crowd Java integration libraries. Based on the path/host/url Apache would use Crowd to validate through a positive authentication if the user is allowed to access a particular resource. Once the authentication is verified, no validation between request would be necessary as apache can handle if this is a continuous web session.

• http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html
• http://gentoo-wiki.com/HOWTO_Apache2_and_mod_auth_ldap