System, method and program for user authentication, and recording medium on which the program is recorded
Abstract
Method and system for user authentication in a federated computing environment. The method includes a first method for recording server authentication information, including: establishing a trusting relationship between a first and second server, obtaining an authentication policy of the second server, and registering the authentication policy of the second server within the first server. The method includes a second method for registering new user authentication information of a new user, including: verifying that the new user authentication information conforms to an authentication policy of the first server, and registering the new user authentication information in the first server. The method includes a third method for authenticating a user, including: receiving an access request from the user to access the federated computing environment, receiving notification based on input authentication information that the user has been authorized for the requested access, and permitting the user to access the federated computing environment.
49 Claims
1-24. (canceled)
25. A method for recording server authentication information, comprising:
establishing, by a first server of a plurality of servers in a federated computing environment, a trusting relationship between the first server and a second server of the plurality of servers;
after said establishing the trusting relationship, obtaining by the first server an authentication policy of the second server, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
after said obtaining the authentication policy of the second server, registering by the first server the authentication policy of the second server within the first server.
Dependent claims: 26, 27, 28, 29, 30, 31
34. A method for registering new user authentication information of a new user, comprising:
accepting, by a first server of a plurality of servers in a federated computing environment, the new user authentication information, wherein the new user authentication information does not exist in an authentication information Lightweight Directory Access Protocol (LDAP) of the first server for the new user;
after said accepting, verifying by the first server that the new user authentication information conforms to an authentication policy of the first server, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
after said verifying, registering by the first server the new user authentication information in the authentication information LDAP of the first server.
Dependent claims: 35, 36, 37, 38, 39, 40, 41
42. A method for authenticating a user, comprising:
receiving, by a first server of a plurality of servers in a federated computing environment, an access request from the user to access the federated computing environment, wherein the first server comprises an authentication policy table, wherein the authentication policy table of the first server comprises an authentication policy of each server of the plurality of servers registered therein, and wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment;
after said receiving the access request, receiving by the first server input authentication information from the user;
obtaining, by the first server, a server address of a second server having an authentication policy that matches an authentication policy of the first server;
transmitting, by the first server to the second server via the server address of a second server, the input authentication information;
after said transmitting the input authentication information to the second server, receiving by the first server from the second server a notification that the second server has successfully authorized the user; and
after said receiving the notification that the second server has successfully authorized the user, permitting the user to access the federated computing environment, wherein said permitting is performed by the first server.
Dependent claims: 43, 44, 45, 46, 47, 48, 49
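The three methods of claims 25, 34 and 42, modelled in memory as an added illustration that is not part of the patent text. The class and method names, the password-rule policy, the PBKDF2 storage and the `network` dict standing in for server-to-server transport are all assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                      # constructed rule set: length + digit
    min_len: int
    need_digit: bool
    def conforms(self, secret: str) -> bool:
        return len(secret) >= self.min_len and (
            not self.need_digit or any(ch.isdigit() for ch in secret))

def _kdf(secret: str, salt: bytes) -> bytes:
    # Assumption: secrets are stored as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Server:
    address: str
    policy: Policy
    trusted: set = field(default_factory=set)
    policy_table: dict = field(default_factory=dict)   # address -> Policy
    users: dict = field(default_factory=dict)          # stand-in for LDAP

    def register_peer(self, peer: "Server") -> None:
        # Claim 25: establish trust, then obtain and register the policy.
        self.trusted.add(peer.address)
        self.policy_table[peer.address] = peer.policy

    def register_user(self, name: str, secret: str) -> bool:
        # Claim 34: only new users whose input conforms to the local policy.
        if name in self.users or not self.policy.conforms(secret):
            return False
        salt = os.urandom(16)
        self.users[name] = (salt, _kdf(secret, salt))
        return True

    def verify(self, name: str, secret: str) -> bool:
        # Unknown users compare against an empty digest and always fail.
        salt, digest = self.users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(digest, _kdf(secret, salt))

    def authenticate(self, name: str, secret: str, network: dict) -> bool:
        # Claim 42: forward the input only to registered servers whose
        # policy equals this server's; permit access on their success.
        for address, policy in self.policy_table.items():
            if policy == self.policy and network[address].verify(name, secret):
                return True
        return False
```

A user registered only on a server with a weaker policy is never accepted here, because the input is forwarded only to peers whose registered policy equals the first server's.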
Specification