Domain pass-through authentication in a hybrid cloud environment
Abstract
Aspects of the disclosure relate to processing systems using improved domain pass-through authentication techniques. A computing platform may send, to an external cloud computing platform, one or more registration requests that each may cause an RLS endpoint corresponding to each of a plurality of resource location connectors to be stored at the external cloud computing host platform. The computing platform may receive one or more requests for a resource location identifier. The computing platform may determine an accessible resource location connector and may send, to the user device, a corresponding resource location identifier. After receiving a pass-through authentication request, the computing platform may receive, from the ticketing service stored on the external cloud computing platform, a one-time ticket. The computing platform may send, to the user device, the one-time ticket, which may allow the user device to perform pass-through authentication with the external cloud computing platform.
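The exchange summarized in the abstract, modeled as an added example that is not taken from the patent or from any product. The class names, the sample identities, the in-memory ticket store and the 30-second ticket lifetime are assumptions; the page itself only states that the ticket is one-time.

```python
import secrets
import time

class TicketingService:
    """Cloud-side ticketing service (hypothetical model)."""
    def __init__(self, ttl_seconds=30):       # lifetime is an assumption
        self.ttl = ttl_seconds
        self._pending = {}                    # ticket -> (identity, expiry)

    def issue(self, identity, now=None):
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(32)    # unguessable bearer value
        self._pending[ticket] = (identity, now + self.ttl)
        return ticket

    def redeem(self, ticket, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(ticket, None)   # pop makes it single-use
        if entry is None or now > entry[1]:
            return None                       # unknown, replayed or expired
        return entry[0]

class Connector:
    """Resource location connector with its authentication agent (model)."""
    def __init__(self, location_id, reachable, ticketing):
        self.location_id = location_id
        self.reachable = reachable
        self.ticketing = ticketing

    def resource_location_id(self):
        # Only a connector the user device can reach answers the probe.
        return self.location_id if self.reachable else None

    def pass_through(self, domain_user):
        # Assumption: the agent has already established domain_user from
        # the domain logon; here it is simply passed in.
        return self.ticketing.issue(domain_user)

def pick_accessible(connectors):
    """Return the first connector that answers with a location identifier."""
    return next((c for c in connectors
                 if c.resource_location_id() is not None), None)

def demo():
    svc = TicketingService()
    connectors = [Connector("loc-a", False, svc), Connector("loc-b", True, svc)]
    conn = pick_accessible(connectors)
    ticket = conn.pass_through("CORP\\alice")   # constructed identity
    first = svc.redeem(ticket)                  # device presents the ticket
    replay = svc.redeem(ticket)                 # second use must fail
    expired = svc.redeem(svc.issue("CORP\\bob", now=0), now=31)
    return conn.location_id, first, replay, expired
```

Because the ticket is a bearer value, removing it from the store on first redemption and bounding its lifetime are what keep an intercepted copy from being replayed.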
20 Claims
1. A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
establish, with an external cloud computing platform, a first network connection;
send, to the external cloud computing platform and while the first network connection is established, a registration request corresponding to each of a plurality of resource location connectors wherein the registration request corresponding to each of the plurality of resource location connectors causes a resource location service (RLS) endpoint corresponding to each of the plurality of resource location connectors to be stored at a cloud configuration service at the external cloud computing host platform;
establish, with a user device, a second network connection;
receive, for each of the plurality of resource location connectors, a request for a resource location identifier corresponding to each of the plurality of resource location connectors;
determine an accessible resource location connector, where the accessible resource location connector comprises one of the plurality of resource location connectors that is accessible;
send, to the user device and while the second network connection is established, a resource location identifier corresponding to the accessible resource location connector;
receive, from the user device, a domain pass-through authentication request;
determine, using an authentication agent corresponding to the accessible resource location connector, a user identity;
send, to a ticketing service stored on the external cloud computing platform, the user identity;
receive, from the ticketing service stored on the external cloud computing platform, a one-time domain pass-through authentication ticket; and
send, to the user device, the one-time domain pass-through authentication ticket, wherein sending the one-time domain pass-through authentication ticket to the user device allows the user device to perform domain pass-through authentication with the external cloud computing platform and to access protected resources on the external cloud computing platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A method comprising:
at a computing platform comprising at least one processor, a communication interface, and memory;
establishing, with an external cloud computing platform, a first network connection;
sending, to the external cloud computing platform and while the first network connection is established, a registration request corresponding to each of a plurality of resource location connectors wherein the registration request corresponding to each of the plurality of resource location connectors causes a resource location service (RLS) endpoint corresponding to each of the plurality of resource location connectors to be stored at a cloud configuration service at the external cloud computing host platform;
establishing, with a user device, a second network connection;
receiving, for each of the plurality of resource location connectors, a request for a resource location identifier corresponding to each of the plurality of resource location connectors;
determining an accessible resource location connector, where the accessible resource location connector comprises one of the plurality of resource location connectors that is accessible;
sending, to the user device and while the second network connection is established, a resource location identifier corresponding to the accessible resource location connector;
receiving, from the user device, a domain pass-through authentication request;
determining, using an authentication agent corresponding to the accessible resource location connector, a user identity;
sending, to a ticketing service stored on the external cloud computing platform, the user identity;
receiving, from the ticketing service stored on the external cloud computing platform, a one-time domain pass-through authentication ticket; and
sending, to the user device, the one-time domain pass-through authentication ticket, wherein sending the one-time domain pass-through authentication ticket to the user device allows the user device to perform domain pass-through authentication with the external cloud computing platform and to access protected resources on the external cloud computing platform.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
15. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform to:
establish, with an external cloud computing platform, a first network connection;
send, to the external cloud computing platform and while the first network connection is established, a registration request corresponding to each of a plurality of resource location connectors wherein the registration request corresponding to each of the plurality of resource location connectors causes a resource location service (RLS) endpoint corresponding to each of the plurality of resource location connectors to be stored at a cloud configuration service at the external cloud computing host platform;
establish, with a user device, a second network connection;
receive, for each of the plurality of resource location connectors, a request for a resource location identifier corresponding to each of the plurality of resource location connectors;
determine an accessible resource location connector, where the accessible resource location connector comprises one of the plurality of resource location connectors that is accessible;
send, to the user device and while the second network connection is established, a resource location identifier corresponding to the accessible resource location connector;
receive, from the user device, a domain pass-through authentication request;
determine, using an authentication agent corresponding to the accessible resource location connector, a user identity;
send, to a ticketing service stored on the external cloud computing platform, the user identity;
receive, from the ticketing service stored on the external cloud computing platform, a one-time domain pass-through authentication ticket; and
send, to the user device, the one-time domain pass-through authentication ticket, wherein sending the one-time domain pass-through authentication ticket to the user device allows the user device to perform domain pass-through authentication with the external cloud computing platform and to access protected resources on the external cloud computing platform.
- View Dependent Claims (16, 17, 18, 19, 20)
Specification