Method and system of integrating third party authentication into internet browser code
First Claim
1. In a computing environment, a method, comprising:
- requesting content from a remote server;
receiving a redirect response from the server, the redirect response including information identifying a location corresponding to a server of a third party authentication service;
determining whether the redirect response includes authentication data identifying a specified authentication scheme, and if so;
a) invoking local code corresponding to the specified authentication scheme to obtain credentials locally, and b) providing those credentials to the third party authentication service.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for using an Internet client'"'"'s local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data'"'"'s presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party'"'"'s Internet page that provides a form for credential entry.
157 Citations
18 Claims
-
1. In a computing environment, a method, comprising:
-
requesting content from a remote server;
receiving a redirect response from the server, the redirect response including information identifying a location corresponding to a server of a third party authentication service;
determining whether the redirect response includes authentication data identifying a specified authentication scheme, and if so;
a) invoking local code corresponding to the specified authentication scheme to obtain credentials locally, and b) providing those credentials to the third party authentication service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. In a computing environment, a system comprising:
-
local authentication code corresponding to an authentication scheme, the local authentication code configured to obtain credentials corresponding to the authentication scheme and return the credentials to an entity that invokes the local authentication code; and
local browser code configured to;
a) request content from a remote resource server, b) receive responses from the remote resource server, including a redirect response, the redirect response including information identifying a location corresponding to a server of a third party authentication service and authentication data identifying a specified authentication scheme;
c) evaluate the response and detect the authentication data;
d) invoke the local authentication code and receive credentials in response;
e) provide the credentials to a remote third party authentication service server;
g) receive a ticket from the remote third party authentication service; and
h) provide the ticket to the remote resource server in association with another request for content. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A computer-readable medium having stored thereon a data structure, comprising:
-
a first set of data indicating that the data structure is a redirect response received from a remote server in response to a request to that remote server;
a second set of data identifying a location to where the request should be redirected; and
a third set of data corresponding to an authentication scheme;
wherein when the data structure is evaluated by first browser code that recognizes that the authentication scheme data is present, the first browser code invokes local authentication code to obtain credentials, and when the data structure is evaluated by second browser code that does not recognize that the authentication scheme data is present, the second browser code redirects the request to the location identified in the second set of data.
-
Specification
-
- Resources
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsRouskov, Yordan, Wang, Biao, Hawkins, John M., Erdogan, Samim, Dujari, Rajeev
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/27
-
CPC Class CodesH04L 63/08 for authentication of entit...H04L 63/0807 using tickets, e.g. Kerbero...H04L 63/0815 providing single-sign-on or...H04L 63/168 above the transport layerH04L 63/20 for managing network securi...H04L 67/02 based on web technology, e....
