diff --git a/server/pom.xml b/server/pom.xml
index 04c25aff904..0e517f7854e 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -136,7 +136,7 @@
     <dependency>
       <groupId>org.opensaml</groupId>
       <artifactId>opensaml</artifactId>
-      <version>2.6.1</version>
+      <version>${cs.opensaml.version}</version>
     </dependency>
   </dependencies>
   <build>
diff --git a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
index 17681f7c4dc..e2d4d2798a4 100644
--- a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
+++ b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
@@ -32,7 +32,10 @@
                       http://www.springframework.org/schema/util/spring-util-3.0.xsd"
                       >
 
-    <bean id="authenticationManagerImpl" class="com.cloud.api.auth.APIAuthenticationManagerImpl" />
+    <bean id="authenticationManagerImpl" class="com.cloud.api.auth.APIAuthenticationManagerImpl">
+        <property name="apiAuthenticators"
+                  value="#{pluggableAPIAuthenticatorsRegistry.registered}" />
+    </bean>
 
     <bean id="accountManagerImpl" class="com.cloud.user.AccountManagerImpl">
         <property name="userAuthenticators"
diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index 8dff6ebc952..454fc8b1ddd 100644
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -16,9 +16,9 @@
 // under the License.
 package com.cloud.api;
 
-import com.cloud.api.auth.APIAuthenticationManager;
-import com.cloud.api.auth.APIAuthenticationType;
-import com.cloud.api.auth.APIAuthenticator;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
+import org.apache.cloudstack.api.auth.APIAuthenticationType;
+import org.apache.cloudstack.api.auth.APIAuthenticator;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
 import com.cloud.user.User;
@@ -26,6 +26,7 @@ import com.cloud.utils.HttpUtils;
 import com.cloud.utils.StringUtils;
 import com.cloud.utils.db.EntityManager;
 import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiServerService;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.managed.context.ManagedContext;
diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
index ece2e032787..790b6d90e67 100644
--- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
+++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
@@ -19,6 +19,9 @@ package com.cloud.api.auth;
 import com.cloud.utils.component.ComponentContext;
 import com.cloud.utils.component.ManagerBase;
 import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
+import org.apache.cloudstack.api.auth.APIAuthenticator;
+import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator;
 import org.apache.log4j.Logger;
 
 import javax.ejb.Local;
@@ -32,12 +35,21 @@ import java.util.Map;
 public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuthenticationManager {
     public static final Logger s_logger = Logger.getLogger(APIAuthenticationManagerImpl.class.getName());
 
+    private List<PluggableAPIAuthenticator> _apiAuthenticators;
+
     private static Map<String, Class<?>> s_authenticators = null;
-    private static List<Class<?>> s_commandList = null;
 
     public APIAuthenticationManagerImpl() {
     }
 
+    public List<PluggableAPIAuthenticator> getApiAuthenticators() {
+        return _apiAuthenticators;
+    }
+
+    public void setApiAuthenticators(List<PluggableAPIAuthenticator> authenticators) {
+        _apiAuthenticators = authenticators;
+    }
+
     @Override
     public boolean start() {
         s_authenticators = new HashMap<String, Class<?>>();
@@ -53,14 +65,13 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth
 
     @Override
     public List<Class<?>> getCommands() {
-        if (s_commandList == null) {
-            s_commandList = new ArrayList<Class<?>>();
-            s_commandList.add(DefaultLoginAPIAuthenticatorCmd.class);
-            s_commandList.add(DefaultLogoutAPIAuthenticatorCmd.class);
-            s_commandList.add(SAML2LoginAPIAuthenticatorCmd.class);
-            s_commandList.add(SAML2LogoutAPIAuthenticatorCmd.class);
+        List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        cmdList.add(DefaultLoginAPIAuthenticatorCmd.class);
+        cmdList.add(DefaultLogoutAPIAuthenticatorCmd.class);
+        for (PluggableAPIAuthenticator apiAuthenticator: _apiAuthenticators) {
+            cmdList.addAll(apiAuthenticator.getAuthCommands());
         }
-        return s_commandList;
+        return cmdList;
     }
 
     @Override
diff --git a/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
index 243ad9b1697..2fb3f560175 100644
--- a/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
+++ b/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
@@ -16,7 +16,7 @@
 // under the License.
 package com.cloud.api.auth;
 
-import com.cloud.api.ApiServerService;
+import org.apache.cloudstack.api.ApiServerService;
 import com.cloud.api.response.ApiResponseSerializer;
 import com.cloud.exception.CloudAuthenticationException;
 import com.cloud.user.Account;
@@ -26,6 +26,8 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationType;
+import org.apache.cloudstack.api.auth.APIAuthenticator;
 import org.apache.cloudstack.api.response.LoginCmdResponse;
 import org.apache.log4j.Logger;
 
diff --git a/server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java
index a5802bfcbc6..999cefd8e3f 100644
--- a/server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java
+++ b/server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java
@@ -22,6 +22,8 @@ import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationType;
+import org.apache.cloudstack.api.auth.APIAuthenticator;
 import org.apache.cloudstack.api.response.LogoutCmdResponse;
 import org.apache.log4j.Logger;
 
diff --git a/server/test/com/cloud/api/ApiServletTest.java b/server/test/com/cloud/api/ApiServletTest.java
index 0a9029663fa..1a9c13d3e74 100644
--- a/server/test/com/cloud/api/ApiServletTest.java
+++ b/server/test/com/cloud/api/ApiServletTest.java
@@ -16,9 +16,9 @@
 // under the License.
 package com.cloud.api;
 
-import com.cloud.api.auth.APIAuthenticationManager;
-import com.cloud.api.auth.APIAuthenticationType;
-import com.cloud.api.auth.APIAuthenticator;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
+import org.apache.cloudstack.api.auth.APIAuthenticationType;
+import org.apache.cloudstack.api.auth.APIAuthenticator;
 import com.cloud.server.ManagementServer;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;