METHOD AND SYSTEM FOR SESSION MANAGEMENT IN AN AUTHENTICATION ENVIRONMENT
First Claim
1. A computer readable storage medium comprising computer readable program code embodied therein for causing a computer system to:
- receive, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
- identify a second authentication context using the second authentication level;
- generate an authentication request using the second authentication context;
- send the authentication request to an identity provider, wherein the identity provider;
  - identifies an authentication scheme corresponding to the second authentication context,
  - obtains authentication information from the user,
  - authenticates the user using the authentication information, and
  - generates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
- receive the assertion;
- associate the session with the second authentication level to generate an upgraded session; and
- allow the user access to the resource using the upgraded session.
Abstract
A method for authentication. The method includes receiving a re-directed access request for a resource associated with a second authentication level, where a user has requested access to the resource, the user is associated with a session, and the session is associated with a first authentication level. The method further includes identifying a second authentication context using the second authentication level, generating an authentication request using the second authentication context, and sending the authentication request to an identity provider. In response, the identity provider identifies an authentication scheme corresponding to the second authentication context, obtains authentication information from the user, authenticates the user using the authentication information, and generates an assertion, in response to successful authentication, using the second authentication level and the authentication scheme. The method further includes receiving the assertion, associating the session with the second authentication level to generate an upgraded session, and allowing the user access to the resource using the upgraded session.
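The service-provider side of the flow in the abstract, as an added Python sketch that is not taken from the patent. The context labels, the in-memory stores, the HMAC standing in for the identity provider's signature, and the validation checks (request binding, same user, asserted level, fresh session id on upgrade) are all assumptions of this example.

```python
import hashlib, hmac, json, secrets

# Assumed mapping of authentication level -> authentication context (hypothetical labels).
LEVEL_TO_CONTEXT = {1: "ctx:password", 2: "ctx:password+otp"}
IDP_KEY = b"constructed-demo-key"   # constructed stand-in for the IdP's signing key
SESSIONS = {}                       # session id -> {"user", "level"}
PENDING = {}                        # request id -> (session id, requested level)

def _mac(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(IDP_KEY, data, hashlib.sha256).hexdigest()

def build_authn_request(session_id, required_level):
    """SP: turn the resource's required level into an authentication request."""
    req_id = secrets.token_hex(8)
    PENDING[req_id] = (session_id, required_level)
    return {"id": req_id, "context": LEVEL_TO_CONTEXT[required_level]}

def idp_issue_assertion(request, user, level, scheme):
    """Simulated identity provider: assertion issued after successful authentication."""
    body = {"in_response_to": request["id"], "user": user,
            "level": level, "scheme": scheme}
    return {"body": body, "mac": _mac(body)}

def upgrade_session(assertion):
    """SP: validate the assertion, then associate the session with the new level."""
    body = assertion["body"]
    if not hmac.compare_digest(assertion["mac"], _mac(body)):
        raise PermissionError("assertion integrity check failed")
    pending = PENDING.pop(body["in_response_to"], None)   # each request is single-use
    if pending is None:
        raise PermissionError("unsolicited or replayed assertion")
    session_id, required = pending
    session = SESSIONS.get(session_id)
    if session is None or session["user"] != body["user"]:
        raise PermissionError("assertion is for a different user")
    if body["level"] < required:
        raise PermissionError("asserted level below the requested level")
    del SESSIONS[session_id]
    new_id = secrets.token_hex(16)   # fresh id for the upgraded session
    SESSIONS[new_id] = {"user": session["user"], "level": body["level"]}
    return new_id

def allow_access(session_id, required_level):
    """Resource check: the session must carry at least the resource's level."""
    session = SESSIONS.get(session_id)
    return session is not None and session["level"] >= required_level
```
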
20 Claims
1. A computer readable storage medium comprising computer readable program code embodied therein for causing a computer system to:
- receive, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
- identify a second authentication context using the second authentication level;
- generate an authentication request using the second authentication context;
- send the authentication request to an identity provider, wherein the identity provider;
  - identifies an authentication scheme corresponding to the second authentication context,
  - obtains authentication information from the user,
  - authenticates the user using the authentication information, and
  - generates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
- receive the assertion;
- associate the session with the second authentication level to generate an upgraded session; and
- allow the user access to the resource using the upgraded session.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A service provider, configured to:
- receive, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
- identify a second authentication context using the second authentication level;
- generate an authentication request using the second authentication context;
- send the authentication request to an identity provider, wherein the identity provider;
  - identifies an authentication scheme corresponding to the second authentication context,
  - obtains authentication information from the user,
  - authenticates the user using the authentication information, and
  - generates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
- receive the assertion;
- associate the session with the second authentication level to generate an upgraded session; and
- allow the user access to the resource using the upgraded session.

Dependent claims: 9, 10, 11, 12, 13
14. A method for authentication, comprising:
- receiving, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
- identifying a second authentication context using the second authentication level;
- generating an authentication request using the second authentication context;
- sending the authentication request to an identity provider, wherein the identity provider;
  - identifies an authentication scheme corresponding to the second authentication context,
  - obtains authentication information from the user,
  - authenticates the user using the authentication information, and
  - generates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
- receiving the assertion;
- associating the session with the second authentication level to generate an upgraded session; and
- allowing the user access to the resource using the upgraded session.

Dependent claims: 15, 16, 17, 18, 19, 20
Specification