
Virtual machine logon federation

  • US 10,205,717 B1
  • Filed: 04/01/2013
  • Issued: 02/12/2019
  • Est. Priority Date: 04/01/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method comprising:

  • prompting, at a credential provider application that resides on a virtual machine, a user of the virtual machine to provide one or more user credentials via a log on interface on the virtual machine, the virtual machine and the credential provider application that resides on a virtual machine being in an external security domain outside of an original security domain of the user, the one or more user credentials provided by the original security domain of the user;
  • receiving, at the credential provider, the one or more user credentials from the user of the virtual machine, wherein:
      • the one or more user credentials are obtained by the user from the original security domain of the user, the original security domain comprising a plurality of host machines, the user credentials providing access to a first resource hosted in the original security domain of the user;
      • the virtual machine and the credential provider application that resides on the virtual machine are in the external security domain outside the original security domain of the user;
  • receiving, from the user, a request to access, via the virtual machine, a second resource in the external security domain of the user;
  • forwarding the one or more user credentials to an authentication entity in the external security domain; and
  • based at least in part on a determination that the one or more credentials are authentic:
      • receiving from an identity provider of the original security domain of the user a first security token for providing access to the second resource in the external security domain via the virtual machine;
      • creating a shadow user within the external security domain based on the user credentials;
      • assigning privileges to the shadow user based on information in the first security token, wherein the information in the first security token corresponds to a set of allowed actions the shadow user may take with respect to the second resource and a set of forbidden actions the shadow user may not take with respect to the second resource while logged onto the virtual machine; and
      • providing the user of the virtual machine with access to the second resource in the external security domain via the virtual machine as determined using the privileges assigned to the shadow user.
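The logon federation flow the claim describes, worked through as an added Python example (not code from the patent or its assignee): the external domain's authentication entity receives the forwarded credentials, the home domain's identity provider vouches for them with a signed token that carries allowed and forbidden actions, and the external domain creates a shadow user whose privileges are derived only from that token. Everything concrete here is assumed for the demo: an HMAC-signed JSON token format, a PBKDF2 credential store in the home domain, a verification key shared between the home identity provider and the external domain, and the constructed user, resource and action names.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class HomeIdentityProvider:
    """Identity provider of the user's original security domain (constructed for this demo)."""

    def __init__(self, signing_key: bytes, users: dict, policy: dict):
        self.key = signing_key
        self.users = users      # username -> {"salt": bytes, "hash": bytes}
        self.policy = policy    # (username, resource) -> {"allow": [...], "deny": [...]}

    @staticmethod
    def hash_password(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, username: str, password: str, resource: str, now: float = None):
        """Return a signed token for `resource` if the forwarded credentials are authentic, else None."""
        rec = self.users.get(username)
        if rec is None or not hmac.compare_digest(self.hash_password(rec["salt"], password), rec["hash"]):
            return None
        rules = self.policy.get((username, resource), {"allow": [], "deny": []})
        now = time.time() if now is None else now
        payload = {"sub": username, "domain": "home.example", "resource": resource,
                   "allow": sorted(rules["allow"]), "deny": sorted(rules["deny"]),
                   "iat": now, "exp": now + 300}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return body + "." + sig


@dataclass(frozen=True)
class ShadowUser:
    name: str
    resource: str
    allowed: frozenset
    forbidden: frozenset


class ExternalDomain:
    """Authentication entity of the external domain that hosts the VM (constructed for this demo)."""

    def __init__(self, home_idp: HomeIdentityProvider, token_key: bytes):
        self.home_idp = home_idp
        self.token_key = token_key   # assumption: verification key shared with the home IdP
        self.shadow_users = {}

    def verify_token(self, token: str, now: float = None) -> dict:
        """Check the home IdP's signature and expiry before trusting any claim in the token."""
        body, _, sig = token.partition(".")
        expected = _b64(hmac.new(self.token_key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, sig):
            raise ValueError("bad token signature")
        claims = json.loads(_unb64(body))
        if claims["exp"] < (time.time() if now is None else now):
            raise ValueError("token expired")
        return claims

    def logon(self, username: str, password: str, resource: str, now: float = None):
        """Credential-provider logon: forward credentials, obtain token, create the shadow user."""
        token = self.home_idp.authenticate(username, password, resource, now)
        if token is None:
            return None
        claims = self.verify_token(token, now)
        shadow = ShadowUser(name=f"{claims['domain']}\\{claims['sub']}",
                            resource=claims["resource"],
                            allowed=frozenset(claims["allow"]),
                            forbidden=frozenset(claims["deny"]))
        self.shadow_users[shadow.name] = shadow
        return shadow

    @staticmethod
    def authorize(shadow: ShadowUser, resource: str, action: str) -> bool:
        """Explicit deny wins; any action not in the allowed set is refused."""
        if resource != shadow.resource or action in shadow.forbidden:
            return False
        return action in shadow.allowed


def token_accepted(domain: ExternalDomain, token: str, now: float = None) -> bool:
    try:
        domain.verify_token(token, now)
        return True
    except ValueError:
        return False


# Constructed sample data: one home-domain user, one external-domain resource.
SALT, KEY = b"demo-salt", b"demo-signing-key"
HOME = HomeIdentityProvider(
    KEY,
    {"alice": {"salt": SALT, "hash": HomeIdentityProvider.hash_password(SALT, "correct horse")}},
    {("alice", "fileshare"): {"allow": ["read", "write"], "deny": ["delete"]}},
)
EXTERNAL = ExternalDomain(HOME, KEY)

if __name__ == "__main__":
    user = EXTERNAL.logon("alice", "correct horse", "fileshare")
    print(user)
    print([EXTERNAL.authorize(user, "fileshare", a) for a in ("read", "delete", "execute")])
```

Two choices in the example are the ones a practitioner should carry over regardless of token format: the shadow user is bound to the single resource named in the token rather than becoming a general account in the external domain, and the forbidden set is checked before the allowed set so that a deny from the home domain cannot be undone by a broader allow.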
