System and method for authentication upon network attachment
Abstract
An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for forwarding authentication requests by tunneling interactions between the requesting client and an identity provider.
17 Claims
1. A method for authenticating a client to a network access server, said method comprising
(a) connecting said client to said network access server,
(b) transmitting a policy from a local authentication server to said client via said network access server,
(c) establishing a tunnel to permit access to an identity provider via said network authentication server and said local authentication server,
(d) transmitting within said tunnel an authentication request from said client to an identity provider responder of said identity provider,
(e) authenticating said client based on said authentication request,
(f) generating an authentication token,
(g) transmitting said authentication token from said identity provider responder to said client within said tunnel,
(h) transmitting said authentication token from said client to said local authentication server via said network access server,
(i) validating said authentication token, and
(j) configuring said network access server to permit network access to said client.
11. A system for authenticating a client to a network access server, said system comprising
(a) said client,
(b) said network access server,
(c) a local authentication server, and
(d) an identity provider responder,
wherein
said client connects to said network access server,
said local authentication server transmits a policy to said client via said network access server,
said local authentication server establishes a tunnel to permit access by said client to said identity provider responder,
said client transmits within said tunnel an authentication request from said client to said identity provider responder,
said identity provider responder authenticates said client based on said authentication request,
said identity provider responder generates an authentication token,
said identity provider responder transmits within said tunnel said authentication token to said client,
said client provides said authentication token to said local authentication server via said network access server,
said local authentication server validates said authentication token, and
said local authentication server configures said network access server to permit network access to said client.
17. A computer program product within a computer usable medium with software for authenticating a client to a network access server, said computer program product comprising
(a) instructions for transmitting a policy from a local authentication server to said client via said network access server,
(b) instructions for establishing a tunnel to permit access to an identity provider via said network authentication server and said local authentication server,
(c) instructions for transmitting within said tunnel an authentication request from said client to an identity provider responder of said identity provider,
(d) instructions for authenticating said client based on said authentication request,
(e) instructions for generating an authentication token,
(f) instructions for transmitting said authentication token from said identity provider responder to said client within said tunnel,
(g) instructions for transmitting said authentication token from said client to said local authentication server via said network access server,
(h) instructions for validating said authentication token, and
(i) instructions for configuring said network access server to permit network access to said client.
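The flow recited in claim 1, steps (b) through (j), sketched as an added example that is not part of the patent text. The claims do not specify a token format, so the HMAC-SHA256 token, the shared key, the per-session nonce, the host names `idp.example` and `las.example`, and the modelling of the network access server as a set of admitted sessions are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumptions (not from the patent): HMAC-SHA256 token, shared key, names below.
KEY = b"constructed-demo-key"
USERS = {"alice": "correct horse"}          # constructed IdP credential store
IDP, AUD = "idp.example", "las.example"     # hypothetical host names

def idp_respond(req):
    """Steps (e)-(g): authenticate the request, mint a token bound to its nonce."""
    stored = USERS.get(req["user"])
    if stored is None or not hmac.compare_digest(
            stored.encode(), req["password"].encode()):
        return None
    claims = {"sub": req["user"], "aud": req["aud"], "nonce": req["nonce"],
              "exp": time.time() + 60}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

class LocalAuthServer:
    def __init__(self):
        self.pending = {}         # session -> nonce sent with the policy
        self.nas_allowed = set()  # sessions the NAS is configured to admit

    def policy(self, session):
        """Step (b): the policy names the IdP and carries a fresh nonce."""
        self.pending[session] = secrets.token_hex(8)
        return {"idp": IDP, "aud": AUD, "nonce": self.pending[session]}

    def tunnel(self, session, dest, req):
        """Steps (c)-(d): before admission, traffic may reach only the IdP."""
        if session not in self.pending or dest != IDP:
            raise PermissionError("tunnel carries IdP traffic only")
        return idp_respond(req)

    def validate(self, session, token):
        """Steps (h)-(j): verify the MAC first, then audience, expiry, nonce."""
        nonce = self.pending.get(session)
        body, _, tag = str(token).partition(".")
        good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if nonce is None or not hmac.compare_digest(good.encode(), tag.encode()):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
        if (claims["aud"] != AUD or claims["exp"] <= time.time()
                or claims["nonce"] != nonce):
            return False
        del self.pending[session]      # single use: a replayed token fails
        self.nas_allowed.add(session)  # step (j): NAS now permits this client
        return True
```

Binding the token to the nonce issued with the policy means a token captured from one session cannot open another, and deleting the pending entry on success makes each token single use.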
Specification