Method and system for externalized HTTP authentication
First Claim
1. A method of performing an authentication operation within a data processing system, the method comprising:
- receiving a request message for a controlled resource from a client at a first server;
invoking a second server to generate an authentication credential or an authenticated identity; and
receiving the authentication credential or the authenticated identity from the second server at the first server within a response message.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is presented for providing an HTTP-based authentication mechanism. A request for a controlled resource is received from a client at a first server, which sends a request for an uncontrolled resource to a second server, which may be an HTTP-based authentication server, e.g., by redirecting a request via the client to the second server or by forwarding a request directly to the second server. The second server then obtains authentication information from the client. The second server returns the authentication credential or the authenticated identify to the first server within a response message, e.g., by storing the authentication credential within one or more HTTP headers. In response to receiving the authentication information, the first server builds a session for the client and processes the original request for the controlled resource, e.g., by sending a redirection for the controlled resource through the client.
-
Citations
45 Claims
-
1. A method of performing an authentication operation within a data processing system, the method comprising:
-
receiving a request message for a controlled resource from a client at a first server;
invoking a second server to generate an authentication credential or an authenticated identity; and
receiving the authentication credential or the authenticated identity from the second server at the first server within a response message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An apparatus for performing an authentication operation within a data processing system, the apparatus comprising:
-
means for receiving a request message for a controlled resource from a client at a first server;
means for invoking a second server to generate an authentication credential or an authenticated identity; and
means for receiving the authentication credential or the authenticated identity from the second server at the first server within a response message. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A computer program product on a computer readable medium for use in a data processing system for performing an authentication operation, the computer program product comprising:
-
means for receiving a request message for a controlled resource from a client at a first server;
means for invoking a second server to generate an authentication credential or an authenticated identity; and
means for receiving the authentication credential or the authenticated identity from the second server at the first server within a response message. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
-
Specification