Method and system for native authentication protocols in a heterogeneous federated environment
Abstract
A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
18 Claims
1. A method for authenticating a user within a data processing system, the method comprising:
generating an authentication assertion for the user at a first trust proxy within a first domain;
receiving at a system in a second domain a request from a client operated by the user to access a controlled resource within the second domain;
sending the authentication assertion from the first domain to a second trust proxy in the second domain; and
validating the authentication assertion at the second trust proxy in the second domain.
Dependent claims: 2, 3, 4, 5, 6.

7. An apparatus for authenticating a user within a data processing system, the apparatus comprising:
means for generating an authentication assertion for the user at a first trust proxy within a first domain;
means for receiving at a system in a second domain a request from a client operated by the user to access a controlled resource within the second domain;
means for sending the authentication assertion from the first domain to a second trust proxy in the second domain; and
means for validating the authentication assertion at the second trust proxy in the second domain.
Dependent claims: 8, 9, 10, 11, 12.

13. A computer program product in a computer readable medium for use in a data processing system for authenticating a user, the computer program product comprising:
means for generating an authentication assertion for the user at a first trust proxy within a first domain;
means for receiving at a system in a second domain a request from a client operated by the user to access a controlled resource within the second domain;
means for sending the authentication assertion from the first domain to a second trust proxy in the second domain; and
means for validating the authentication assertion at the second trust proxy in the second domain.
Dependent claims: 14, 15, 16, 17, 18.
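As an added illustration of the flow in the abstract and in claim 1 (example code, not from the patent): a hypothetical trust proxy in a first domain generates a signed authentication assertion, the trust proxy in a second domain validates it against the key it holds for that issuer, and a proxy with no direct trust relationship consults a trust broker. Domain names, keys, the HMAC signature and the JSON assertion format are constructed for the example; the patent specifies no particular assertion format.

```python
import base64, hashlib, hmac, json
class TrustBroker:   # keys for issuers a proxy has no direct trust relationship with
    def __init__(self, registry): self.registry = registry   # issuer -> key
    def key_for(self, issuer): return self.registry.get(issuer)

class TrustProxy:
    """Per-domain trust proxy: issues assertions for its own users and
    validates assertions from partner domains (hypothetical model)."""
    def __init__(self, domain, key, partners=None, broker=None):
        self.domain, self.key = domain, key     # key: constructed HMAC secret
        self.partners = partners or {}          # direct trust: issuer -> key
        self.broker = broker                    # fallback for unknown issuers

    def generate_assertion(self, user, audience, now, ttl=300):
        claims = {"iss": self.domain, "sub": user, "aud": audience,
                  "iat": now, "exp": now + ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).digest()
        return b".".join(base64.b64encode(p) for p in (body, sig)).decode()

    def validate_assertion(self, assertion, now):
        """Return the asserted user, or None if the assertion is rejected."""
        try:
            body, sig = (base64.b64decode(p) for p in assertion.split("."))
            claims = json.loads(body)
            key = self.partners.get(claims["iss"])
        except (ValueError, TypeError, KeyError):
            return None                                  # malformed assertion
        if key is None and self.broker is not None:     # consult the trust broker
            key = self.broker.key_for(claims["iss"])
        if key is None:
            return None                                  # issuer is not trusted
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig):
            return None                                  # signature mismatch
        if claims.get("aud") != self.domain or claims.get("exp", 0) <= now:
            return None                                  # wrong domain or expired
        return claims.get("sub")

def scenario(now=1_700_000_000):
    """Constructed federation: A issues; B trusts A directly; C only via a broker."""
    key_a = b"constructed-secret-for-domain-a"
    a = TrustProxy("a.example", key_a)
    b = TrustProxy("b.example", b"key-b", partners={"a.example": key_a})
    c = TrustProxy("c.example", b"key-c", broker=TrustBroker({"a.example": key_a}))
    for_b, for_c = (a.generate_assertion("alice", d, now) for d in ("b.example", "c.example"))
    return {"direct": b.validate_assertion(for_b, now),
            "via_broker": c.validate_assertion(for_c, now),
            "wrong_audience": c.validate_assertion(for_b, now),
            "expired": b.validate_assertion(for_b, now + 600),
            "tampered": b.validate_assertion(for_b[:-4] + "AAAA", now)}
```

The audience and expiry checks are what stop an assertion issued for one domain from being replayed at another or after its lifetime; the broker lookup only supplies a key, so the receiving proxy still performs the validation itself.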