Session ticket authentication scheme
Abstract
A method of propagating a user's authentication/session information between different requests to Web services in a network includes a web server receiving a request for access to a first web service. The request is intercepted with an agent and authentication credentials are collected. A determination is made whether the web service customer is authenticated and authorized. If the web service customer is authenticated and authorized, a session and session ticket are created. An ID and the session ticket are returned to the web server. The session ticket ID and a public key are encrypted into an assertion. The assertion is sent to the first web service. The assertion is then returned to the web service customer for use with future requests. The assertion can be in the form of a SAML assertion.
23 Claims
1. In a network including at least one electronic device, a method of authentication of a web service customer, comprising:
a web server receiving a request for access to a first web service;
intercepting the request with an agent and collecting authentication credentials;
determining whether the web service customer is authenticated and authorized;
if the web service customer is authenticated and authorized, creating a session and session ticket;
returning an ID and the session ticket to the web server;
encrypting the session ticket ID and a public key into an assertion;
sending the assertion to the first web service; and
returning the assertion to the web service customer.
Dependent claims: 2, 3, 4, 5, 6.

7. In a network including at least one electronic device, a method of authentication of a web service customer, comprising:
the web service customer inserting an assertion and a signature into a document;
a web server receiving a request for access to a web service;
intercepting the request with an agent and collecting authentication credentials;
determining whether the assertion is valid;
if the assertion is valid, determining whether the web service customer is authenticated; and
if the web service customer is authenticated, granting the web service customer access to the web service.
Dependent claims: 8.

9. In a network including at least one electronic device, a method of authentication of a web service customer, comprising:
the web service customer sending a request for access to a first web service;
a web server receiving an encrypted assertion and public key for incorporation into future requests; and
the web service customer being granted access to the first web service.
Dependent claims: 10, 11.

12. In a network including at least one electronic device, a method of authentication of a web service customer, comprising:
a web server receiving a request for access to a first web service;
intercepting the request and gathering authentication credentials;
determining whether the web service customer is authenticated and authorized;
if the web service customer is authenticated and authorized, creating a session and session ticket;
returning an ID and the session ticket to the web server;
encrypting the session ticket ID, a public key, and a private key into an assertion; and
sending the assertion to the first web service.
Dependent claims: 13, 14, 15, 16, 17.

18. In a network including at least one electronic device, a method of authentication of a source of a document, comprising:
a third party receiving a document from a previously authenticated first source;
the third party forwarding the document to a predetermined authentication system responsible for previously authenticating the first source to authenticate the source; and
the third party receiving an indication of validation as to whether the document originated with the first source.
Dependent claims: 19, 20, 21, 22, 23.
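The following is an added, stand-alone Python simulation of the flow in claims 1, 7, 12 and 18 (issue a session ticket, seal its ID and the customer's key into an assertion, then validate a signed document that carries that assertion). It is not code from the patent or from any product it covers. Assumptions made so it runs with only the standard library: the customer's public/private key pair is modelled as a single per-session HMAC key (a real deployment would use an asymmetric signature and a SAML assertion); the assertion encryption is an HMAC-SHA256 counter-mode stand-in for a real AEAD cipher; the user store, authorization table, service names and the 300-second ticket lifetime are constructed values.

```python
"""Added example: session-ticket assertion issue/validate flow, stdlib only."""
import hashlib
import hmac
import json
import secrets
import time

# Constructed user store: username -> sha256(salt + password).
_SALT = b"constructed-salt"


def _pw_hash(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode()).digest()


USERS = {"alice": _pw_hash("correct horse")}       # constructed credentials
AUTHZ = {"alice": {"orders-service"}}              # username -> allowed services


def _xor_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in keystream (HMAC-SHA256 in counter mode). Illustrative only;
    # use AES-GCM or ChaCha20-Poly1305 in real code.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> str:
    """Encrypt-then-MAC: hex(nonce || ciphertext || tag)."""
    nonce = secrets.token_bytes(16)
    ct = _xor_ctr(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def open_sealed(enc_key: bytes, mac_key: bytes, token: str):
    """Return the plaintext, or None if the tag does not verify."""
    raw = bytes.fromhex(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_ctr(enc_key, nonce, ct)


def sign_document(key: bytes, assertion: str, body: str) -> str:
    """Customer side of claim 7: bind one signature to assertion and body."""
    return hmac.new(key, assertion.encode() + b"\0" + body.encode(), hashlib.sha256).hexdigest()


def make_signed_document(assertion: str, key: bytes, body: str) -> dict:
    return {"assertion": assertion, "body": body, "signature": sign_document(key, assertion, body)}


class AuthSystem:
    """The agent plus session store: authenticates, authorizes, issues tickets,
    seals assertions, and later validates documents that carry them."""
    TTL = 300  # seconds a session ticket stays valid (constructed value)

    def __init__(self):
        self._enc_key = secrets.token_bytes(32)   # keys known only to the auth system
        self._mac_key = secrets.token_bytes(32)
        self._sessions = {}                        # ticket_id -> session record

    def login(self, credentials: dict, service: str):
        """Claim 1 / 12 flow. Returns (assertion, customer_key) or None."""
        stored = USERS.get(credentials["user"])
        if stored is None or not hmac.compare_digest(stored, _pw_hash(credentials["password"])):
            return None                                # not authenticated
        if service not in AUTHZ.get(credentials["user"], set()):
            return None                                # authenticated, not authorized
        ticket_id = secrets.token_hex(16)              # session + session ticket
        key = secrets.token_bytes(32)                  # stands in for the customer key pair
        self._sessions[ticket_id] = {"user": credentials["user"], "services": AUTHZ[credentials["user"]],
                                     "expires": time.time() + self.TTL}
        # Ticket ID and verification key sealed into the assertion.
        payload = json.dumps({"ticket_id": ticket_id, "key": key.hex()}).encode()
        return seal(self._enc_key, self._mac_key, payload), key

    def validate(self, document: dict, service: str):
        """Claim 7 / 18 flow: assertion valid, session live, signature matches,
        service authorized. Returns the username on success, else None."""
        try:
            plain = open_sealed(self._enc_key, self._mac_key, document["assertion"])
        except ValueError:
            return None                                # malformed assertion
        if plain is None:
            return None                                # forged or tampered assertion
        claims = json.loads(plain)
        sess = self._sessions.get(claims["ticket_id"])
        if sess is None or sess["expires"] < time.time():
            return None                                # unknown or expired session
        expected = sign_document(bytes.fromhex(claims["key"]), document["assertion"], document["body"])
        if not hmac.compare_digest(expected, document["signature"]):
            return None                                # document not from the ticket holder
        if service not in sess["services"]:
            return None
        return sess["user"]


def demo() -> dict:
    """Run the flow once and return the outcome of each check."""
    auth = AuthSystem()
    assertion, key = auth.login({"user": "alice", "password": "correct horse"}, "orders-service")
    doc = make_signed_document(assertion, key, '{"order": 42}')
    return {
        "bad_password": auth.login({"user": "alice", "password": "wrong"}, "orders-service"),
        "not_authorized": auth.login({"user": "alice", "password": "correct horse"}, "billing"),
        "valid": auth.validate(doc, "orders-service"),
        "tampered_body": auth.validate({**doc, "body": '{"order": 43}'}, "orders-service"),
        "forged_assertion": auth.validate({**doc, "assertion": "00" * 60}, "orders-service"),
        "wrong_service": auth.validate(doc, "billing"),
    }


if __name__ == "__main__":
    print(demo())
```

The signature covers both the assertion and the document body, so a valid assertion cannot be lifted onto a different document, and the verification key is recovered only by decrypting the assertion with keys the authentication system never shares, which is what lets a third party (claim 18) forward a document back to that system for an origin check.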
Specification