Methods for load balancing in a federated identity environment and devices thereof
First Claim
1. A method for load balancing in a federated identity environment implemented by a network traffic management system comprising one or more identity provider server devices, service provider server devices, backend application server devices or client devices, the method comprising:
receiving a redirected authentication request from a client requesting access to an intended service provider server device of a plurality of service provider server devices, the authentication request originating from the intended service provider server device and being redirected through the client;
generating a token in response to successfully authenticating the authentication request;
comparing one or more network parameter values of the intended service provider server device against one or more network parameter values associated with each of the other service provider server devices of the plurality of service provider server devices;
selecting a different service provider server device from among the other service provider server devices based on the comparison and one or more selection rules; and
in response to successfully authenticating the authentication request, redirecting the client request to the selected different service provider server device instead of the intended service provider server device, and sending the generated token for accessing one or more applications associated with the selected different service provider server device to the client.
Abstract
Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems performing load balancing in a federated identity environment. An enhanced identity service provider server receives a redirected user authentication from a client device. Upon successfully authenticating the user of the client device, a token is generated. Further, another service provider server is selected based on a comparison of one or more network parameters, and the client device is redirected with the token to the selected service provider server. Based on a validation of the token, the client device accesses applications protected by the selected service provider server.
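The flow in the abstract, as an added sketch that is not code from the patent or its assignee: the identity provider authenticates, picks a different service provider, and issues a token that only the selected service provider accepts. The registry, host names, metrics, the "fewest connections, then lowest RTT" rule, the `/acs` path and the HMAC token format are all assumptions; the patent names none of them.

```python
import base64, hashlib, hmac, json, time

# Constructed federation registry: per-SP HMAC key and current network metrics.
SPS = {
    "sp1.example": {"key": b"k1-demo", "conns": 940, "rtt_ms": 35},
    "sp2.example": {"key": b"k2-demo", "conns": 120, "rtt_ms": 40},
    "sp3.example": {"key": b"k3-demo", "conns": 300, "rtt_ms": 20},
}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def select_sp(intended):
    """Assumed rule: fewest connections, then lowest RTT, among the *other* SPs."""
    if intended not in SPS:  # redirect targets come only from the registry
        raise ValueError("unknown service provider")
    others = [name for name in SPS if name != intended]
    return min(others, key=lambda n: (SPS[n]["conns"], SPS[n]["rtt_ms"]))

def issue_token(user, sp, now=None, ttl=300):
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "aud": sp, "exp": int(now) + ttl}).encode()
    sig = hmac.new(SPS[sp]["key"], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def idp_handle(user, password_ok, intended):
    """Authenticate, pick a different SP, return (redirect URL, token) or None."""
    if not password_ok:
        return None
    target = select_sp(intended)
    return f"https://{target}/acs", issue_token(user, target)

def sp_validate(sp, token, now=None):
    """SP-side check: signature under this SP's key, then audience and expiry."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None
    expected = hmac.new(SPS[sp]["key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if claims.get("aud") != sp or claims.get("exp", 0) < now:
        return None
    return claims["sub"]
```

Binding the token to the selected service provider (its own key plus the `aud` check) is what keeps a token issued for one redirect target from being accepted at another.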
20 Claims
1. A method for load balancing in a federated identity environment implemented by a network traffic management system comprising one or more identity provider server devices, service provider server devices, backend application server devices or client devices, the method comprising:
receiving a redirected authentication request from a client requesting access to an intended service provider server device of a plurality of service provider server devices, the authentication request originating from the intended service provider server device and being redirected through the client;
generating a token in response to successfully authenticating the authentication request;
comparing one or more network parameter values of the intended service provider server device against one or more network parameter values associated with each of the other service provider server devices of the plurality of service provider server devices;
selecting a different service provider server device from among the other service provider server devices based on the comparison and one or more selection rules; and
in response to successfully authenticating the authentication request, redirecting the client request to the selected different service provider server device instead of the intended service provider server device, and sending the generated token for accessing one or more applications associated with the selected different service provider server device to the client.
Dependent claims: 2, 3, 4, 5
6. An identity provider apparatus, comprising a memory with programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
receive a redirected authentication request from a client requesting access to an intended service provider server device of a plurality of service provider server devices, the authentication request originating from the intended service provider server device and being redirected through the client;
generate a token in response to successfully authenticating the authentication request;
compare one or more network parameter values of the intended service provider server device against one or more network parameter values associated with each of the other service provider server devices of the plurality of service provider server devices;
select a different service provider server device from among the other service provider server devices based on the comparison and one or more selection rules; and
in response to successfully authenticating the authentication request, redirect the client request to the selected different service provider server device instead of the intended service provider server device, and sending the generated token for accessing one or more applications associated with the selected different service provider server device to the client.
Dependent claims: 7, 8, 9, 10
11. A non-transitory computer readable medium having stored thereon instructions for load balancing in a federated identity environment comprising executable code which when executed by one or more processors, causes the one or more processors to:
receive a redirected authentication request from a client requesting access to an intended service provider server device of a plurality of service provider server devices, the authentication request originating from the intended service provider server device and being redirected through the client;
generate a token in response to successfully authenticating the authentication request;
compare one or more network parameter values of the intended service provider server device against one or more network parameter values associated with each of the other service provider server devices of the plurality of service provider server devices;
select a different service provider server device from among the other service provider server devices based on the comparison and one or more selection rules; and
in response to successfully authenticating the authentication request, redirect the client request to the selected different service provider server device instead of the intended service provider server device, and sending the generated token for accessing one or more applications associated with the selected different service provider server device to the client.
Dependent claims: 12, 13, 14, 15
16. A network traffic management system, comprising one or more traffic management apparatuses, client devices, or server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
receive a redirected authentication request from a client requesting access to an intended service provider server device of a plurality of service provider server devices, the authentication request originating from the intended service provider server device and being redirected through the client;
generate a token in response to successfully authenticating the authentication request;
compare one or more network parameter values of the intended service provider server device against one or more network parameter values associated with each of the other service provider server devices of the plurality of service provider server devices;
select a different service provider server device from among the other service provider server devices based on the comparison and one or more selection rules; and
in response to successfully authenticating the authentication request, redirect the client request to the selected different service provider server device instead of the intended service provider server device, and sending the generated token for accessing one or more applications associated with the selected different service provider server device to the client.
Dependent claims: 17, 18, 19, 20
Specification