System and method for proxying federated authentication protocols
Abstract
A system and method that include receiving a service provider identity request through a federated authentication protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; facilitating execution of a second layer of authentication; determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and transmitting the proxy identity assertion to the service provider.
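The flow in the abstract, modelled as an added example that is not taken from the patent: the proxy acts as identity provider toward the service provider and as service provider toward the configured identity provider, and issues a proxy assertion only when the upstream assertion verifies and the second factor passes. HMAC-signed JSON stands in for real federation messages (translation between two protocol types is abstracted away); the class, field names, keys and the `second_factor_ok` callback are assumptions.

```python
import hashlib, hmac, json, time
def sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(key, token):
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        raise PermissionError("bad signature")
    if token["claims"]["exp"] < time.time():
        raise PermissionError("expired assertion")
    return token["claims"]

class FederationProxy:
    def __init__(self, proxy_id, idp_key, proxy_key, second_factor_ok):
        self.proxy_id = proxy_id    # audience the upstream IdP issues to
        self.idp_key = idp_key      # verifies upstream identity assertions
        self.proxy_key = proxy_key  # signs proxy assertions for the SP
        self.second_factor_ok = second_factor_ok  # hypothetical 2FA callback
        self.pending = {}           # request id -> requesting SP

    def handle_sp_request(self, sp_request):
        # IdP role toward the SP, SP role toward the configured IdP.
        self.pending[sp_request["id"]] = sp_request["issuer"]
        return {"id": sp_request["id"], "issuer": self.proxy_id}

    def handle_idp_assertion(self, token, factor_response):
        claims = verify(self.idp_key, token)
        if claims["aud"] != self.proxy_id:
            raise PermissionError("assertion not issued to this proxy")
        sp = self.pending.pop(claims["in_response_to"], None)  # single use
        if sp is None:
            raise PermissionError("unsolicited or replayed assertion")
        if not self.second_factor_ok(claims["sub"], factor_response):
            raise PermissionError("second factor failed")
        return sign(self.proxy_key, {"sub": claims["sub"], "aud": sp,
                    "in_response_to": claims["in_response_to"],
                    "exp": time.time() + 60})

def demo():
    # Constructed keys, identifiers and one-time code, for illustration only.
    proxy = FederationProxy("proxy.example", b"idp-key", b"proxy-key",
                            lambda user, code: code == "123456")
    req = proxy.handle_sp_request({"id": "r1", "issuer": "sp.example"})
    upstream = sign(b"idp-key", {"sub": "alice", "aud": req["issuer"],
                    "in_response_to": req["id"], "exp": time.time() + 60})
    return verify(b"proxy-key", proxy.handle_idp_assertion(upstream, "123456"))
```

The proxy assertion is bound to the service provider that made the original request, and a pending request is consumed on first use, so a captured upstream assertion cannot be replayed for a second sign-on.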
23 Claims
1. A method comprising:
- at a proxy server;
- emulating an identity provider in a first instance of a federated authentication protocol based on a service provider identity request;
- emulating a service provider in a second instance to thereby transmit a proxy identity request;
- wherein the first instance of a federated authentication protocol is a first type of protocol, wherein the second instance of a federated authentication protocol is a second type of protocol, and wherein the first and second type of protocol are not the same;
- executing a second layer of authentication; and
- determining, at the proxy server, an identity assertion.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method for single sign-on comprising:
- configuring a first instance and a second instance of a federated authentication protocol;
- receiving an identity assertion through the first instance federated identity protocol;
- executing a second layer of authentication;
- emulating, in a second instance of a federated authentication protocol, an identity provider to thereby transmit a proxy identity assertion;
- in association with a managing account instance, configuring the first instance of a federated authentication protocol and the second instance of a federated authentication protocol; and
- prior to transmitting the proxy identity assertion, selecting the second instance according to an identifier of the managing account from the first instance.

Dependent claims: 16, 17, 18, 19

20. A system comprising:
- a federated authentication proxy server that comprises;
  - an identity provider interface that emulates an identity provider through a federated authentication protocol in a first instance,
  - a service provider emulator that emulates a service provider through a federated authentication protocol in a second instance,
  - a translation module that communicatively translates identity requests and identity assertions processed within the identity provider interface and the service provider emulator,
  - a second layer authentication engine, and
  - an account system with stored configuration of at least one managing account that includes configuration of the first instance of the federated authentication protocol, the second instance of the federated authentication protocol; and second layer of authentication settings of at least one identity associated with the managing account.

Dependent claims: 21, 22

23. A system comprising:
- a federated authentication proxy server that comprises;
  - an identity provider interface that emulates an identity provider through a federated authentication protocol in a first instance,
  - a service provider emulator that emulates a service provider through a federated authentication protocol in a second instance,
  - a second layer authentication engine,
  - a two-factor authentication web service integrated with the second layer authentication engine, wherein the federated authentication proxy server is hosted in the two-factor authentication web service, and
  - an account system with stored configuration of at least one managing account that includes configuration of the first instance of the federated authentication protocol, the second instance of the federated authentication protocol; and second layer of authentication settings of at least one identity associated with the managing account.

Specification