Apparatus, system, and method for facilitating authenticated communication between authentication realms
Abstract
An apparatus, system, and method are disclosed for facilitating authenticated communication between authentication realms. The present invention includes an authentication gateway configured to authenticate a principal using a first authentication protocol. The first authentication protocol may be one of a variety of authentication protocols. A generator in communication with the authentication gateway generates a foreign realm authentication token that is compatible with a second authentication protocol and configured for inter-realm communication. A foreign realm authentication module then authenticates the principal to access services of a foreign realm using the foreign realm authentication token. The authentication is performed by the foreign realm authentication module in accordance with the second authentication protocol. The first authentication protocol may be a non-Kerberos protocol and the second authentication protocol may be a Kerberos protocol.
30 Claims
1. An apparatus for facilitating authenticated communication between authentication realms, the apparatus comprising:
an authentication gateway configured to authenticate a principal using a first authentication protocol;
a generator configured to generate a foreign realm authentication token compatible with a second authentication protocol and configured for inter-realm communication; and
a foreign realm authentication module configured to authenticate the principal to access services of a foreign realm using the foreign realm authentication token in accordance with the second authentication protocol.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An apparatus for facilitating authenticated communication between authentication realms, the apparatus comprising:
a generator configured to generate a cross-realm authentication token compatible with a Kerberos authentication protocol;
a proxy configured to send a non-Kerberos authentication token from a user application, receive the cross-realm authentication token, and exchange communications between the user application and a service in a Kerberos realm in response to successful inter-realm authentication;
a Kerberos gateway configured to receive the non-Kerberos authentication token from the proxy and authenticate the user application using a non-Kerberos authentication protocol; and
a Kerberos authentication server configured to authenticate the proxy to access services of the Kerberos realm using the cross-realm authentication token and in accordance with the Kerberos authentication protocol.
Dependent claims: 12, 13, 14

15. A system for facilitating authenticated communication between authentication realms, the system comprising:
a client computer within an authentication realm, the client computer configured to solicit credentials from a user of an application and generate a non-Kerberos authentication token;
a Kerberos gateway server registered as a gateway between the authentication realm and a foreign authentication realm, the Kerberos gateway server configured to receive and authenticate the non-Kerberos authentication token and to issue a Ticket-Granting Ticket (TGT) to the client computer in response to authentication of the user using a non-Kerberos authentication protocol;
a Kerberos authentication server configured to issue a cross-realm ticket and to send the cross-realm ticket to the client computer in response to the TGT from the client computer;
a Kerberos service provider configured to establish a cross-realm communication session with the user application on the client computer in response to the cross-realm ticket from the client computer; and
a network configured to operatively couple the client computer, Kerberos gateway server, Kerberos authentication server, and Kerberos service provider for networked communications.
Dependent claims: 16, 17

18. A signal bearing medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform operations to facilitate authenticated communication between authentication realms, the operations comprising:
an operation to authenticate a principal using a first authentication protocol;
an operation to generate a foreign realm authentication token compatible with a second authentication protocol, the foreign realm authentication token configured for inter-realm communication; and
an operation to authenticate the principal to access services of a foreign realm using the foreign realm authentication token and in accordance with the second authentication protocol.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26

27. A method for facilitating authenticated communication between authentication realms, the method comprising:
authenticating a principal using a first authentication protocol;
generating a foreign realm authentication token compatible with a second authentication protocol, the foreign realm authentication token configured for inter-realm communication; and
authenticating the principal to access services of a foreign realm using the foreign realm authentication token and in accordance with the second authentication protocol.
Dependent claims: 28, 29

30. An apparatus for facilitating authenticated communication between authentication realms, the apparatus comprising:
means for authenticating a principal using a first authentication protocol;
means for generating a foreign realm authentication token compatible with a second authentication protocol, the foreign realm authentication token configured for inter-realm communication; and
means for authenticating the principal to access services of a foreign realm using the foreign realm authentication token and in accordance with the second authentication protocol.
Specification