Method and apparatus for identity federation gateway
Abstract
Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified.
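The exchange the abstract and claim 1 describe, sketched as an added example that is not part of the patent text. Every message field, name and key is an assumption, including the HMAC-signed identification data used here to show the gateway checking the federated result and its resource binding before it hands credentials to the legacy authentication process.

```python
import hashlib
import hmac

# Constructed sample data; none of these names or values come from the patent.
IDP_KEY = b"constructed-demo-key"  # assumed key shared by federated service and gateway
LEGACY_ACCOUNTS = {"alice": "legacy-secret"}  # legacy authentication service's store
FEDERATED_TO_LEGACY = {"idp:alice@example.org": ("alice", "legacy-secret")}  # gateway map
FEDERATED_RESOURCES = {"maps"}  # resources identified by the federated service

def provisioning(resource):
    """Provisioning step: legacy or federated identification for this resource."""
    return "federated" if resource in FEDERATED_RESOURCES else "legacy"

def idp_identify(federated_id, resource):
    """Federated identity service: identification data bound to one resource."""
    msg = f"{federated_id}|{resource}".encode()
    return {"sub": federated_id, "aud": resource,
            "sig": hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()}

def legacy_authenticate(username, password):
    """Legacy authentication service of the provider."""
    return hmac.compare_digest(LEGACY_ACCOUNTS.get(username, ""), password)

def gateway(resource, identification=None):
    """ID federation gateway: redirect first, then trade verified data for legacy login."""
    if identification is None:
        return {"status": "redirect", "to": "federated-identity-service"}
    msg = f"{identification['sub']}|{identification['aud']}".encode()
    expected = hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, identification["sig"]):
        return {"status": "denied", "reason": "bad signature"}
    if identification["aud"] != resource:  # data issued for a different resource
        return {"status": "denied", "reason": "wrong resource"}
    creds = FEDERATED_TO_LEGACY.get(identification["sub"])
    if creds is None or not legacy_authenticate(*creds):
        return {"status": "denied", "reason": "no legacy account"}
    return {"status": "authenticated", "user": creds[0]}

def user_device_flow(resource, federated_id):
    """User device side; returns the authentication results message."""
    if provisioning(resource) == "legacy":
        return {"status": "use-legacy-login"}
    if gateway(resource)["status"] != "redirect":
        raise RuntimeError("gateway did not redirect to the federated service")
    return gateway(resource, idp_identify(federated_id, resource))
```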
20 Claims
1. A method comprising:
- sending a provisioning message from a user device over a communication network in response to a request at the user device to access a legacy authentication service of a network resource, wherein the provisioning message includes a request to determine whether to use the legacy authentication service of the network resource or a federated identity service to identify the user device;
- when the user device is to be identified by the federated identity service, sending a service request message to access the network resource, from the user device, over the communication network, to an identifier federation gateway;
- receiving an identification message at the user device from the identifier federation gateway with a redirect instruction to the federated identity service when the user device is to be identified by the federated identity service;
- sending identification data that indicates an identity for the user device to the federated identity service; and
- receiving an authentication results message from the legacy authentication service via the identifier federation gateway, wherein the authentication results message includes an indication that the user device is successfully identified by the federated identity service.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
- at least one processor; and
- at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following:
- send a provisioning message from a user device over a communication network in response to a request at the user device to access a legacy authentication service of a network resource, wherein the provisioning message includes a request to determine whether to use the legacy authentication service of the network resource or a federated identity service to identify the user device;
- when the user device is to be identified by the federated identity service, sending a service request message to access the network resource, from the user device, over the communication network, to an identifier federation gateway;
- receive an identification message at the user device from the identifier federation gateway with a redirect instruction to the federated identity service when the user device is to be identified by the federated identity service;
- receive an authentication results message from the legacy authentication service via the identifier federation gateway, wherein the authentication results message includes an indication that the user device is successfully identified by the federated identity service.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to at least perform the following steps:
- sending a provisioning message from a user device over a communication network in response to a request at the user device to access a legacy authentication service of a network resource, wherein the provisioning message includes a request to determine whether to use the legacy authentication service of the network resource or a federated identity service to identify the user device;
- when the user device is to be identified by the federated identity service, sending a service request message to access the network resource, from the user device, over the communication network, to an identifier federation gateway;
- receiving an identification message at the user device from the identifier federation gateway with a redirect instruction to the federated identity service when the user device is to be identified by the federated identity service;
- sending identification data that indicates an identity for the user device to the federated identity service; and
- receiving an authentication results message from the legacy authentication service via the identifier federation gateway, wherein the authentication results message includes an indication that the user device is successfully identified by the federated identity service.

Dependent claims: 17, 18, 19, 20
Specification