System and method for centralized authentication and authorization for cloud platform with multiple deployments
Abstract
Techniques described herein may be used to centralize authentication and authorization for accessing cloud services provided by different cloud platform deployments. A user equipment (UE) may provide user information to a cloud admin server. The cloud admin server may authenticate and authorize the UE locally and then initiate a sign on procedure with each cloud platform deployment. The sign on procedure may include obtaining user group information for the user and providing the user group information to the cloud platform deployments so that the cloud platform deployments may return permission information without having to each perform an authentication and authorization procedure. The cloud admin server may relay the permission information to the UE, and the UE may use the permission information to access any/all of the cloud services.
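The sign-on procedure the abstract describes, written out as an added example (not code from the patent or its assignee): a cloud admin server authenticates the user once, then, acting as the simulated client browser, requests a login session from each deployment, receives the redirect, answers it with an assertion that the user was already authenticated together with the user's groups, and collects the permission information to relay to the UE. Everything below the abstract's level of detail is an assumption: the HMAC-SHA256 assertion format, the `state` and `aud` parameters in the redirect, the `auth.example.internal` host name, the two constructed deployments and the one constructed user.

```python
"""Centralized sign-on flow from the abstract, simulated end to end. Added example, not the
patent's code; assertion format, redirect parameters, users and deployments are assumptions."""
import hashlib, hmac, json, secrets, time
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

_SALT = b"demo-salt"  # constructed; a real directory uses a per-user salt
def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed directory behind the single authentication service.
USER_DIRECTORY = {"alice": {"pw": _pw_hash("correct-horse"), "groups": ["dev", "billing-ro"]}}

def _sign(key, body):
    """MAC over canonical JSON so issuer and verifier hash identical bytes."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

@dataclass
class Deployment:
    """A cloud platform deployment that would otherwise demand its own sign-on."""
    name: str
    trust_key: bytes  # shared with the central authentication service
    role_map: dict    # group -> permissions this deployment grants
    pending: dict = field(default_factory=dict)  # outstanding one-time login states

    def request_login_session(self):
        """Claim steps 1-2: redirect the login request to the central service with a fresh state."""
        state = secrets.token_urlsafe(16)
        self.pending[state] = time.time()
        return {"status": 302, "location": f"https://auth.example.internal/sso?state={state}&aud={self.name}"}

    def complete_login(self, assertion, now=None):
        """Claim steps 3-4: verify the 'previously authenticated' assertion, return permissions.
        Each check closes one hole: forgery (MAC), reuse elsewhere (aud), staleness (exp), replay (state)."""
        now = time.time() if now is None else now
        body = assertion["body"]
        if not hmac.compare_digest(_sign(self.trust_key, body), assertion["mac"]):
            raise PermissionError("assertion signature invalid")
        if body["aud"] != self.name:
            raise PermissionError("assertion issued for a different deployment")
        if body["exp"] < now:
            raise PermissionError("assertion expired")
        if self.pending.pop(body["state"], None) is None:
            raise PermissionError("unknown or already-used state (replay)")
        perms = sorted({p for g in body["groups"] for p in self.role_map.get(g, [])})
        return {"deployment": self.name, "user": body["sub"], "permissions": perms,
                "session_token": secrets.token_urlsafe(24)}

class CloudAdminServer:
    """Authenticates the UE once, then drives each deployment's sign-on itself."""
    def __init__(self, deployments, trust_keys):
        self.deployments = {d.name: d for d in deployments}
        self.trust_keys = trust_keys  # deployment name -> shared key

    def authenticate(self, username, password):
        """The single authentication service, local to the admin server."""
        rec = USER_DIRECTORY.get(username)
        if rec is None or not hmac.compare_digest(rec["pw"], _pw_hash(password)):
            return None
        return {"sub": username, "groups": list(rec["groups"])}

    def assertion_for(self, identity, redirect, ttl=60):
        """Reply to a redirect: user and groups, bound to this deployment (aud) and attempt (state)."""
        q = parse_qs(urlsplit(redirect["location"]).query)
        body = {"sub": identity["sub"], "groups": identity["groups"],
                "aud": q["aud"][0], "state": q["state"][0], "exp": time.time() + ttl}
        return {"body": body, "mac": _sign(self.trust_keys[body["aud"]], body)}

    def sign_on(self, username, password, requested):
        """Full flow; returns the permission information to relay to the UE."""
        identity = self.authenticate(username, password)
        if identity is None:
            raise PermissionError("authentication failed")
        result = {}
        for name in requested:
            dep = self.deployments[name]
            redirect = dep.request_login_session()  # simulated browser: GET login
            result[name] = dep.complete_login(self.assertion_for(identity, redirect))
        return result

def build_demo():
    keys = {n: secrets.token_bytes(32) for n in ("cloud-east", "cloud-west")}
    east = Deployment("cloud-east", keys["cloud-east"],
                      {"dev": ["compute:read", "compute:write"], "billing-ro": ["billing:read"]})
    west = Deployment("cloud-west", keys["cloud-west"], {"dev": ["storage:read"]})
    return CloudAdminServer([east, west], keys)

def demo():
    return build_demo().sign_on("alice", "correct-horse", ["cloud-east", "cloud-west"])

def login_rejected(dep, assertion):
    """True if the deployment refuses the assertion (used to probe replay and misuse)."""
    try:
        dep.complete_login(assertion)
        return False
    except PermissionError:
        return True
```

The security-relevant point is the shape of the "previously authenticated" message in the claims: unless each deployment can verify who issued it, that it was meant for that deployment, and that it belongs to this login attempt, any party that can reach the deployment can claim prior authentication. The example binds the assertion with a MAC under the deployment's key, an audience, an expiry and the one-time state from the redirect, so `login_rejected` is true for an assertion presented to the wrong deployment or presented twice. The permission information returned is a bearer credential; relaying it to the UE needs the same transport protection as any session token.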
20 Claims
1. A server device, comprising:
a non-transitory memory device storing a plurality of processor-executable instructions; and
a processor configured to execute the processor-executable instructions, wherein executing the processor-executable instructions causes the processor to:
receive, from a User Equipment (UE), user information indicating a plurality of cloud services provided by a plurality of cloud platform deployments, wherein each particular cloud platform deployment, of the plurality of cloud platform deployments, is configured to require a user to complete a separate sign on procedure prior to granting access to a particular cloud service associated with the particular cloud platform deployment;
authenticate a user of the UE using a single authentication service;
communicate with the plurality of cloud platform deployments via a simulated client browser to obtain authorization for the UE to access each cloud platform deployment, of the plurality of cloud platform deployments, the obtaining including:
requesting, from each cloud platform deployment, a login session,
receiving a redirect message, from each cloud platform deployment, in response to the login session request,
providing, to each cloud platform deployment and in response to the respective redirect message from each cloud platform deployment, information indicating that the user has been previously authenticated using the single authentication service, and
receiving, in response to providing the information indicating that the user has been previously authenticated, permission information for accessing the cloud services; and
provide, to the UE, the permission information to enable the UE to access the plurality of cloud services.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method, comprising:
receiving, by a server device and from a User Equipment (UE), user information indicating a plurality of cloud services provided by a plurality of cloud platform deployments, wherein each particular cloud platform deployment, of the plurality of cloud platform deployments, is configured to require a user to complete a separate sign on procedure prior to granting access to a particular cloud service associated with the particular cloud platform deployment;
authenticating, by the server device, a user of the UE using a single authentication service;
communicating, by the server device, with the plurality of cloud platform deployments via a simulated client browser to obtain authorization for the UE to access each cloud platform deployment, of the plurality of cloud platform deployments, the obtaining including:
requesting, from each cloud platform deployment, a login session,
receiving a redirect message, from each cloud platform deployment, in response to the login session request,
providing, to each cloud platform deployment and in response to the respective redirect message from each cloud platform deployment, information indicating that the user has been previously authenticated using the single authentication service, and
receiving, in response to providing the information indicating that the user has been previously authenticated, permission information for accessing the cloud services; and
providing, by the server device and to the UE, the permission information to enable the UE to access the plurality of cloud services.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer-readable medium storing a plurality of processor-executable instructions, wherein executing the processor-executable instructions causes one or more processors to:
receive, from a User Equipment (UE), user information indicating a plurality of cloud services provided by a plurality of cloud platform deployments, wherein each particular cloud platform deployment, of the plurality of cloud platform deployments, is configured to require a user to complete a separate sign on procedure prior to granting access to a particular cloud service associated with the particular cloud platform deployment;
authenticate a user of the UE using a single authentication service;
communicate with the plurality of cloud platform deployments via a simulated client browser to obtain authorization for the UE to access each cloud platform deployment, of the plurality of cloud platform deployments, the obtaining including:
requesting, from each cloud platform deployment, a login session,
receiving a redirect message, from each cloud platform deployment, in response to the login session request,
providing, to each cloud platform deployment and in response to the respective redirect message from each cloud platform deployment, information indicating that the user has been previously authenticated using the single authentication service, and
receiving, in response to providing the information indicating that the user has been previously authenticated, permission information for accessing the cloud services; and
provide, to the UE, the permission information to enable the UE to access the plurality of cloud services.
Dependent claims: 16, 17, 18, 19, 20.