FEDERATED REALM DISCOVERY
First Claim
1. A method of obtaining a security token for accessing a network service within a federation, the network service residing outside a home realm of a security principal, the method comprising:
- obtaining a system security token via an authentication request to directory services using domain-joined credentials, the domain-joined credentials including a security principal identifier;
- receiving a partner security token in response to a request for authentication transmitted to a home security authority of the security principal, the request including the system security token;
- submitting the partner security token to a non-home security authority associated with a network service without presenting a login user interface of the non-home security authority to the security principal;
- receiving from the non-home security authority the security token for accessing the network service in response to the submission of the partner security token to the non-home security authority.
2 Assignments
0 Petitions
Abstract
A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
38 Citations
20 Claims
1. A method of obtaining a security token for accessing a network service within a federation, the network service residing outside a home realm of a security principal, the method comprising:
- obtaining a system security token via an authentication request to directory services using domain-joined credentials, the domain-joined credentials including a security principal identifier;
- receiving a partner security token in response to a request for authentication transmitted to a home security authority of the security principal, the request including the system security token;
- submitting the partner security token to a non-home security authority associated with a network service without presenting a login user interface of the non-home security authority to the security principal;
- receiving from the non-home security authority the security token for accessing the network service in response to the submission of the partner security token to the non-home security authority.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer-readable storage medium having computer-executable instructions for performing a computer process that obtains a security token for accessing a network service within a federation, the network service residing outside a home realm of a security principal, the computer process comprising:
- obtaining a system security token via an authentication request to directory services using domain-joined credentials, the domain-joined credentials including a security principal identifier;
- identifying a home security authority of the security principal based on at least a portion of the security principal identifier received in the domain-joined credentials;
- receiving a partner security token in response to a request for authentication transmitted to the identified home security authority of the security principal, the request including the system security token;
- submitting the partner security token to a non-home security authority associated with a network service without presenting a login user interface of the non-home security authority to the security principal;
- receiving from the non-home security authority the security token for accessing the network service in response to the submission of the partner security token to the non-home security authority.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A computer-readable storage medium having computer-executable instructions for performing a computer process that identifies a home security authority for authenticating a security principal within a federation, the computer process comprising:
- receiving at a non-home security authority a request from a security principal requesting identification of the home security authority of the security principal based on at least a portion of a security principal identifier of the security principal;
- evaluating a realm list providing one or more mappings between security principal identifiers or portions thereof and realm information, the realm information identifying the home security authority corresponding to the security principal identifier or portion thereof;
- sending from the non-home security authority to the security principal an identification of the home security authority of the security principal corresponding to the security principal identifier or a portion thereof that matches the at least a portion of the security principal identifier of the security principal.
Dependent claims: 18, 19, 20.
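The two discovery paths from the abstract and claim 17, as an added simulation that is not the patent's own code: the device's realm list is consulted first, and only if it has no match is the non-home authority asked, using just the identifier suffix, so the user's secret is never presented to a non-home realm. Realm names, authority URLs and the realm lists are constructed for the example.

```python
# Federated home-realm discovery, simulated (added example; not the patent's own code).
# A security principal identifier is UPN-style 'user@suffix'; a realm list maps identifiers
# or suffixes to the home security authority. All names and URLs are constructed.
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass(frozen=True)
class RealmInfo:
    realm: str
    home_authority: str  # endpoint of the home security authority

def match_realm(identifier: str, realm_list: Dict[str, RealmInfo]) -> Optional[RealmInfo]:
    """Whole identifier first, then its '@' suffix; case-insensitive."""
    ident = identifier.strip().lower()
    if ident in realm_list:
        return realm_list[ident]
    suffix = ident.rpartition("@")[2]
    return realm_list.get(suffix)

class NonHomeAuthority:
    """Account authority in a non-home realm answering discovery requests (claim 17)."""
    def __init__(self, realm_list: Dict[str, RealmInfo]) -> None:
        self.realm_list = realm_list

    def discover_home_realm(self, identifier_portion: str) -> Optional[RealmInfo]:
        # The request carries only the identifier portion, never the user's secret.
        return match_realm(identifier_portion, self.realm_list)

def resolve_home_authority(identifier: str, device_realm_list: Dict[str, RealmInfo],
                           non_home: NonHomeAuthority) -> Optional[RealmInfo]:
    """Device realm list first; otherwise ask the non-home authority with just the suffix."""
    info = match_realm(identifier, device_realm_list)
    if info is None:
        info = non_home.discover_home_realm(identifier.rpartition("@")[2])
    return info

def login_target(identifier: str, device_realm_list: Dict[str, RealmInfo],
                 non_home: NonHomeAuthority) -> str:
    """Return the only authority the secret may be presented to; refuse if unknown."""
    info = resolve_home_authority(identifier, device_realm_list, non_home)
    if info is None:
        raise LookupError(f"no home realm for {identifier!r}; secret withheld")
    return info.home_authority

# Constructed sample data: the device knows one realm, the partner authority knows two.
DEVICE_REALM_LIST = {"contoso.example": RealmInfo("contoso", "https://sts.contoso.example/")}
PARTNER = NonHomeAuthority({
    "contoso.example": RealmInfo("contoso", "https://sts.contoso.example/"),
    "northwind.example": RealmInfo("northwind", "https://sts.northwind.example/"),
})
```

An unresolved identifier raises before any credential leaves the device, which is the property the abstract describes.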
Specification