Systems and Methods for Facilitating Distributed Authentication
Abstract
A method for facilitating distributed authentication includes the step of requesting, by a user of a client machine residing in a first domain, access to a resource residing in a second domain. The client machine authenticates the user to an intermediate machine. The intermediate machine impersonates the client machine. The intermediate machine, impersonating the client machine, requests access to the second domain from a domain controller residing in the second domain. The domain controller authorizes the requested access, responsive to a determination that the impersonated client machine is trusted for delegation. The domain controller transmits, to an application server residing in the second domain, authentication data associated with the impersonated client machine. The application server transmits, to the intermediate machine, a launch ticket uniquely identifying a logon token. The client machine provides, to the application server, the launch ticket to access the resource residing in the second domain.
33 Claims
1. A method for facilitating distributed authentication, the method comprising the steps of:
(a) requesting, by a user of a client machine residing in a first domain, access to a resource residing in a second domain;
(b) authenticating, by the client machine, the user to an intermediate machine;
(c) impersonating, by the intermediate machine, the client machine;
(d) requesting, by the intermediate machine impersonating the client machine, access to the second domain from a domain controller residing in the second domain;
(e) authorizing, by the domain controller, the requested access to the second domain, responsive to a determination that the impersonated client machine is trusted for delegation;
(f) transmitting, by the domain controller, to an application server residing in the second domain, authentication data associated with the impersonated client machine;
(g) transmitting, by the application server, to the intermediate machine, a launch ticket uniquely identifying a logon token; and
(h) providing, by the client machine to the application server, the launch ticket to access the resource residing in the second domain.
(Dependent claims 2 to 16 depend on claim 1.)
17. A system for facilitating distributed authentication comprising:
a client machine, residing in a first domain, requesting access to a resource residing in a second domain;
an intermediate machine receiving, from the client machine, authentication credentials associated with a user of the client machine, authenticating the user, and impersonating the client machine;
a domain controller residing in the second domain, receiving a request for access to the second domain from the intermediate machine impersonating the client machine and determining that the impersonated client machine is trusted for delegation; and
an application server receiving, from the domain controller, authentication data associated with the user of the impersonated client machine with a request for access to the resource on the second domain and transmitting, to the intermediate machine impersonating the client machine, a launch ticket uniquely identifying a logon token;
wherein the client machine provides the launch ticket to the application server to access the resource residing in the second domain.
(Dependent claims 18 to 33 depend on claim 17.)
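The flow of claims 1 and 17, as an added simulation that is not part of the patent or any product implementing it: the domain controller honours the impersonated request only when the impersonating machine is on its trusted-for-delegation list, and the application server hands back an opaque launch ticket that maps to a logon token and can be redeemed once, within a time limit. Machine names, the `TRUSTED_FOR_DELEGATION` set and the 60-second ticket lifetime are constructed assumptions.

```python
import secrets
import time

# Constructed sample state (not from the patent): the machines that the
# second domain's controller marks as trusted for delegation.
TRUSTED_FOR_DELEGATION = {"intermediate-01"}


class DomainController:
    """Second-domain controller: the authorization decision of step (e)."""
    def __init__(self, trusted):
        self.trusted = set(trusted)

    def authorize(self, impersonating_machine, impersonated_client):
        # Delegation is honoured only for machines explicitly trusted for it;
        # any other host impersonating a client is refused outright.
        if impersonating_machine not in self.trusted:
            return None
        return {"client": impersonated_client, "via": impersonating_machine}


class ApplicationServer:
    """Second-domain application server: steps (f), (g) and (h)."""
    def __init__(self, ttl_seconds=60):
        self.ttl = ttl_seconds
        self.tickets = {}  # launch ticket -> (logon token, expiry time)

    def issue_launch_ticket(self, auth_data):
        # The logon token is the server-side session; the launch ticket is an
        # unguessable handle that uniquely identifies that token (step g).
        token = {"user": auth_data["client"], "logon_id": secrets.token_hex(8)}
        ticket = secrets.token_urlsafe(32)
        self.tickets[ticket] = (token, time.time() + self.ttl)
        return ticket

    def redeem(self, ticket):
        # Step (h): the ticket is single use and time limited, so a ticket
        # presented twice or after expiry yields no logon token.
        entry = self.tickets.pop(ticket, None)
        if entry is None:
            return None
        token, expiry = entry
        return token if time.time() < expiry else None


def distributed_logon(dc, app, intermediate, client):
    """Steps (c) to (g): the intermediate impersonates the client, the DC
    decides, and the application server issues the launch ticket."""
    auth_data = dc.authorize(intermediate, client)
    if auth_data is None:
        return None
    return app.issue_launch_ticket(auth_data)
```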