TECHNIQUES TO PERFORM FEDERATED AUTHENTICATION

US 20090328178A1
Filed: 06/27/2008
Published: 12/31/2009
Est. Priority Date: 06/27/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving an authentication request to authenticate a client using a basic authentication protocol by a resource server;

discovering an identity server for the client with a user name, the identity server in a home realm for the client;

retrieving authentication information from the identity server using an enhanced authentication protocol; and

authenticating the client to access resource services using the authentication information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to perform federated authentication are described. An apparatus may comprise a resource server may have an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client. The authentication proxy component further comprises an authentication manager module communicatively coupled to the authentication discovery module, the authentication manager module operative to retrieve authentication information from the identity server using an enhanced authentication protocol, and authenticate the client to access resource services using the authentication information. Other embodiments are described and claimed.

97 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving an authentication request to authenticate a client using a basic authentication protocol by a resource server;
  
  discovering an identity server for the client with a user name, the identity server in a home realm for the client;
  
  retrieving authentication information from the identity server using an enhanced authentication protocol; and
  
  authenticating the client to access resource services using the authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising retrieving authentication information as a security token for the client.
  - 3. The method of claim 1, comprising creating a shadow account for the client by the resource server.
  - 4. The method of claim 1, comprising storing the authentication information for the client in a shadow account for the client created by the resource server.
  - 5. The method of claim 1, comprising receiving an access request to access a resource service as provided by the resource server from the client.
  - 6. The method of claim 1, comprising sending an access response to the client from the resource server granting access to a resource service as provided by the resource server.
  - 7. The method of claim 1, comprising receiving an access request to access a resource service as provided by a different resource server from the client.
  - 8. The method of claim 1, comprising sending an access response to the client from the resource server granting access to a resource service as provided by a different resource server.
  - 9. The method of claim 1, wherein the basic authentication protocol comprises a Hypertext Transfer Protocol (HTTP) Basic Access Authentication (BASIC) authentication protocol (HTTP-BASIC), a NT Local Area Network Manager (NTLM) authentication protocol, or a Remote Procedure Call (RPC) authentication protocol
  - 10. The method of claim 1, wherein the enhanced authentication protocol comprises a web services security authentication protocol.

11. An article comprising a storage medium containing instructions that if executed enable a system to:
- receive an authentication request to authenticate a client using a basic authentication protocol by a resource server;
  
  retrieve authentication information from an identity server for the client using an enhanced authentication protocol; and
  
  authenticate the client to access resource services using the authentication information.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The article of claim 11, further comprising instructions that if executed enable the system to create a shadow account for the client by the resource server.
  - 13. The article of claim 11, further comprising instructions that if executed enable the system to store the authentication information for the client in a shadow account for the client created by the resource server.
  - 14. The article of claim 11, further comprising instructions that if executed enable the system to receive an access request from the client to access a resource service as provided by the resource server or another resource server.
  - 15. The article of claim 11, further comprising instructions that if executed enable the system to send an access response to the client from the resource server granting access to a resource service as provided by the resource server or another resource server.

16. An apparatus, comprising:
- a resource server having an authentication proxy component to perform authentication operations on behalf of a client, the authentication proxy component comprising;
  
  an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol;
  
  an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client; and
  
  an authentication manager module communicatively coupled to the authentication discovery module, the authentication manager module operative to retrieve authentication information from the identity server using an enhanced authentication protocol, and authenticate the client to access resource services using the authentication information.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, comprising a client directory database communicatively coupled to the authentication manager module, the authentication manager module operative to create a shadow account for the client in the client directory database, and store the authentication information for the client in the shadow account.
  - 18. The apparatus of claim 16, comprising a resource handling module communicatively coupled to the authentication manager module, the resource handling module operative to receive an access request from the client to access a resource service as provided by the resource server or another resource server, and send an access response to the client granting or denying access to the resource service as provided by the resource server or another resource server.
  - 19. The apparatus of claim 16, the basic authentication protocol comprising a Hypertext Transfer Protocol (HTTP) Basic Access Authentication (BASIC) authentication protocol (HTTP-BASIC), a NT Local Area Network Manager (NTLM) authentication protocol, or a Remote Procedure Call (RPC) authentication protocol
  - 20. The apparatus of claim 16, the enhanced authentication protocol comprising a web services security authentication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shipp, Neil, McDaniel, Paul

Granted Patent

US 9,736,153 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 2221/2115   Third party

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/105   Multiple levels of security

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

TECHNIQUES TO PERFORM FEDERATED AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES TO PERFORM FEDERATED AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links