System and method for relaying authentication at network attachment
Abstract
An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for relaying authentication requests by tunneling interactions between the requesting client and an identity provider.
14 Claims
1. A method for authenticating a client to a network access server, said method comprising
(a) connecting said client to said network access server,
(b) transmitting from said client to said network access server an identity,
(c) forwarding said identity from said network access server to a local authentication server,
(d) locating an identity provider web server responsible for authenticating said client with said identity,
(e) transmitting from said local authentication server to said client a redirect address,
(f) establishing a tunnel to permit access from said client to said identity provider web server via said network access server and said local authentication server,
(g) transmitting from said client to said identity provider web server within said tunnel an authentication request comprising said identity and comprising said redirect address,
(h) authenticating said client at said identity provider web server based on said authentication request,
(i) transmitting from said identity provider web server to said client within said tunnel a response,
(j) transmitting from said client to said local authentication server said response,
(k) validating said response at said local authentication server, and
(l) transmitting from said local authentication server to said network access server a configuration to permit network access by said client.
8. A system for authenticating a client to a network access server, said system comprising
(a) said client,
(b) said network access server,
(c) a local authentication server, and
(d) an identity provider web server,
wherein said client connects to said network access server,
said client transmits an identity to said network access server,
said network access server forwards said identity to said local authentication server,
said local authentication server locates said identity provider web server responsible for authenticating said client with said identity,
said local server transmits a redirect address to said client,
said local authentication server establishes a tunnel to permit access by said client to said identity provider web server,
said client transmits within said tunnel an authentication request comprising said redirect identity and comprising said redirect address to said identity provider web server,
said identity provider web server authenticates said client based on said authentication request,
said identity provider web server transmits within said tunnel a response to said client,
said client transmits said response to said local authentication server,
said local authentication server validates said response, and
said local authentication server configures said network access server to permit network access to said client.
14. A computer program product within a computer usable medium with software for authenticating a client to a network access server, said computer program product comprising
(a) instructions connecting said client to said network access server,
(b) instructions for transmitting from said client to said network access server an identity,
(c) instructions for forwarding said identity from said network access server to a local authentication server,
(d) instructions for locating an identity provider web server responsible for authenticating said client with said identity,
(e) instructions for transmitting from said local authentication server to said client a redirect address,
(f) instructions for establishing a tunnel to permit access from said client to said identity provider web server via said network access server and said local authentication server,
(g) instructions for transmitting from said client to said identity provider web server within said tunnel an authentication request comprising said identity and comprising said redirect address,
(h) instructions for authenticating said client at said identity provider web server based on said authentication request,
(i) instructions for transmitting from said identity provider web server to said client within said tunnel a response,
(j) instructions for transmitting from said client to said local authentication server said response,
(k) instructions for validating said response at said local authentication server, and
(l) instructions for transmitting from said local authentication server to said network access server a configuration to permit network access by said client.
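The twelve-step flow of claims 1, 8 and 14, simulated end to end as an added example (not the patent's own code): the local authentication server locates the identity provider from the identity's realm, hands the client a fresh redirect address, relays tunnelled traffic only to that provider, and validates the returned response before it configures the network access server. The realm lookup table, the user table and the HMAC key shared between provider and local server are assumptions of this example; the patent does not say how the response is validated.

```python
import hashlib, hmac, json, secrets
# Constructed sample data (not from the patent): realm -> IdP address, the IdP's user table,
# and a per-IdP key shared with the local authentication server (an assumption of this example).
IDP_BY_REALM = {"example.org": "https://idp.example.org/auth"}
IDP_USERS = {"alice@example.org": "correct horse"}
IDP_KEYS = {"https://idp.example.org/auth": b"shared-idp-key"}
def _mac(idp, body):
    return hmac.new(IDP_KEYS[idp], json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

class LocalAuthServer:
    def __init__(self):
        self.pending = {}     # identity -> (idp, redirect) while a response is awaited
        self.tunnels = set()  # (identity, idp) pairs the NAS may relay before access is granted
        self.nas_config = {}  # identity -> "allow", pushed to the NAS after validation

    def handle_identity(self, identity):            # steps (c)-(f)
        idp = IDP_BY_REALM[identity.rpartition("@")[2]]   # KeyError: no IdP located for this realm
        redirect = "https://las.local/finish/" + secrets.token_hex(8)   # fresh per attachment
        self.pending[identity] = (idp, redirect)
        self.tunnels.add((identity, idp))
        return redirect

    def relay(self, identity, idp, request, password):   # step (g): the tunnel reaches the located IdP only
        if (identity, idp) not in self.tunnels:
            raise PermissionError("no tunnel for this client/IdP pair")
        return idp_authenticate(idp, request, password)

    def handle_response(self, identity, response):  # steps (k)-(l)
        idp, redirect = self.pending.pop(identity, (None, None))
        self.tunnels.discard((identity, idp))        # the tunnel closes whatever the outcome
        body = response["body"]
        ok = (idp is not None and hmac.compare_digest(_mac(idp, body), response["mac"])
              and body["identity"] == identity and body["redirect"] == redirect
              and body["authenticated"] is True)
        if ok:
            self.nas_config[identity] = "allow"
        return ok

def idp_authenticate(idp, request, password):       # steps (h)-(i): check the credential, sign the reply
    body = {"identity": request["identity"], "redirect": request["redirect"],
            "authenticated": IDP_USERS.get(request["identity"]) == password}
    return {"body": body, "mac": _mac(idp, body)}

def attach(identity, password):                     # the whole flow (a)-(l) from the client's side
    las = LocalAuthServer()
    redirect = las.handle_identity(identity)
    response = las.relay(identity, las.pending[identity][0], {"identity": identity, "redirect": redirect}, password)
    las.handle_response(identity, response)
    return las.nas_config.get(identity, "deny")
```

The redirect address doubles as a per-attachment nonce: a response that echoes a different one fails validation, so a response captured during one attachment is not accepted for a later one.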