
Generating and managing a composite identity token for multi-service use

  • US 10,505,733 B2
  • Filed: 09/25/2017
  • Issued: 12/10/2019
  • Est. Priority Date: 09/25/2017
  • Status: Active Grant
First Claim

1. A method comprising:

  • at a composite identity server comprising at least one processor, at least one memory, and at least one communication interface;

    receiving, by the at least one processor and from a user agent associated with a user computing device, a request to upgrade a first authentication token triggered by a relying party server, wherein the relying party server is associated with services provided by a first relying party and services provided by a second relying party, wherein the first authentication token was issued by a first identity provider to permit the user agent access to the services provided by the first relying party;

    determining, by the at least one processor, whether the user agent is currently involved in a valid identity login session associated with the relying party server;

    in response to determining that the user agent is currently involved in the valid identity login session associated with the relying party server, redirecting, by the at least one processor, the user agent to an identity provider server associated with a second identity provider for authentication;

    receiving, by the at least one processor and from the identity provider server associated with the second identity provider, a second authentication token, the second authentication token indicating that an authorization code associated with the identity provider server is valid, wherein the second authentication token permits the user agent access to the services provided by the second relying party;

    sending, by the at least one processor and to a federated microservice server, the second authentication token for transformation, wherein the federated microservice server is specific to the second identity provider;

    receiving, by the at least one processor and from the federated microservice server, one or more transformed claims of the second authentication token and one or more claims of the second authentication token designated for storage by a profile microservice server;

    sending, by the at least one processor and to the profile microservice server, the one or more claims of the second authentication token designated for storage at the profile microservice server;

    after receiving a storage confirmation from the profile microservice server, redirecting, by the at least one processor, the user agent to the relying party server with an authorization code associated with the composite identity server;

    after redirecting the user agent to the relying party server, receiving, by the at least one processor and from the relying party server, the authorization code associated with the composite identity server;

    in response to determining that the authorization code associated with the composite identity server received from the relying party server is valid, sending, by the at least one processor and to the relying party server, a composite token comprising:

    the one or more transformed claims of the second authentication token; and

    one or more claims of the first authentication token, wherein the composite token permits, via the relying party server, the user agent access to the services provided by the first relying party and the services provided by the second relying party.
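The composite identity server's side of the claimed flow, as an added in-memory Python model that is not the patent's own code: the session check before the IdP2 redirect, the IdP-specific claim transformation, profile storage before the code is minted, and the single-use, RP-bound code exchange that yields the composite token. The class, method and claim names (rp1_scope, rp2_sub, rp2_scope) are assumptions for illustration.

```python
import secrets


class CompositeIdentityServer:
    """In-memory model of the composite identity server's side of the claimed flow."""

    def __init__(self, second_idp):
        self.second_idp = second_idp  # the federated microservice is specific to this IdP
        self.sessions = {}            # user_agent -> relying party server with a valid login session
        self.profile_store = {}       # stand-in for the profile microservice
        self.pending = {}             # authorization code -> (user_agent, rp_server, composite claims)

    def login(self, user_agent, rp_server):
        self.sessions[user_agent] = rp_server

    def upgrade_request(self, user_agent, rp_server):
        # Only a user agent in a valid login session for this RP server is sent on to IdP2.
        if self.sessions.get(user_agent) != rp_server:
            raise PermissionError("no valid identity login session")
        return "redirect:" + self.second_idp

    def federated_transform(self, second_token):
        # Stand-in for the federated microservice: map IdP2 claims into the composite
        # namespace and hand everything else to the profile microservice for storage.
        if second_token["iss"] != self.second_idp:
            raise ValueError("federated microservice is specific to " + self.second_idp)
        transformed = {"rp2_sub": second_token["sub"], "rp2_scope": second_token["scope"]}
        to_store = {k: v for k, v in second_token.items() if k not in ("iss", "sub", "scope")}
        return transformed, to_store

    def idp2_callback(self, user_agent, rp_server, first_token, second_token):
        # The second token arrives from IdP2 after IdP2 validated its own authorization code.
        transformed, to_store = self.federated_transform(second_token)
        self.profile_store.setdefault(second_token["sub"], {}).update(to_store)
        # Only after the profile store has confirmed do we mint our own single-use code.
        code = secrets.token_urlsafe(16)
        claims = {"sub": first_token["sub"], "rp1_scope": first_token["rp1_scope"], **transformed}
        self.pending[code] = (user_agent, rp_server, claims)
        return rp_server + "?code=" + code

    def token_exchange(self, rp_server, code):
        # The RP server redeems the code; it must be unused and bound to that RP server.
        # A code presented by the wrong RP server is consumed so it cannot be retried.
        entry = self.pending.pop(code, None)
        if entry is None or entry[1] != rp_server:
            raise PermissionError("authorization code invalid")
        return entry[2]
```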
