IDENTITY PROVIDER SERVER CONFIGURED TO VALIDATE AUTHENTICATION REQUESTS FROM IDENTITY BROKER
First Claim
1. A computer-implemented method for facilitating a user request for access to a computing resource, the method comprising:
- generating, in response to authenticating an identity of the user, a token value;
- passing the token value to a client application, wherein the client application is configured to pass the token value, as a password, to the computing resource, and wherein the computing resource is configured to pass the token value to an identity broker server in a message formatted according to a user authentication protocol understood by the computing resource;
- receiving, from the identity broker server, a request to authenticate a copy of the token value; and
- upon determining a match between the generated token value and the copy of the token value received from the identity broker server, passing a validation message to the identity broker server indicating that the token has been authenticated.
Abstract
Techniques are disclosed for an identity broker to authenticate users to a network device, system, or hosted application that uses certain legacy protocols for user authentication. For example, the identity broker may be configured to respond to a user authentication request from a network device formatted as a RADIUS or LDAP message. The identity broker may operate in conjunction with an identity provider to authenticate a user requesting access to a computing resource (e.g., to the network device, system, or hosted application).
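The token flow in the first claim, sketched as an added example (not code from the patent or its assignee). The class and function names, the 60-second lifetime, the single-use rule, and the digest-only storage are assumptions made here; the RADIUS Access-Request is modeled as a plain dict of constructed attributes.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 60  # assumption: the page states no token lifetime


class IdentityProvider:
    """Issues a token after authenticating the user, later validates a copy."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> (SHA-256 digest of token, expiry)

    def issue_token(self, username):
        # Called only after the user's identity has been authenticated.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token  # handed to the client application

    def validate(self, username, token_copy):
        # pop() consumes the entry on any attempt, so a replayed copy fails.
        digest, expiry = self._pending.pop(username, (b"", 0.0))
        candidate = hashlib.sha256(token_copy.encode()).digest()
        match = hmac.compare_digest(digest, candidate)  # constant-time compare
        return match and self._clock() <= expiry


class IdentityBroker:
    """Receives the resource's legacy auth message and asks the IdP to validate."""

    def __init__(self, idp):
        self._idp = idp

    def handle_access_request(self, attrs):
        # attrs models the attributes of a RADIUS Access-Request (constructed).
        ok = self._idp.validate(attrs["User-Name"], attrs["User-Password"])
        return "Access-Accept" if ok else "Access-Reject"


def resource_login(broker, username, password):
    # The computing resource forwards whatever it received as the password.
    reply = broker.handle_access_request(
        {"User-Name": username, "User-Password": password})
    return reply == "Access-Accept"
```
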
29 Claims
1. A computer-implemented method for facilitating a user request for access to a computing resource, the method comprising:
- generating, in response to authenticating an identity of the user, a token value;
- passing the token value to a client application, wherein the client application is configured to pass the token value, as a password, to the computing resource, and wherein the computing resource is configured to pass the token value to an identity broker server in a message formatted according to a user authentication protocol understood by the computing resource;
- receiving, from the identity broker server, a request to authenticate a copy of the token value; and
- upon determining a match between the generated token value and the copy of the token value received from the identity broker server, passing a validation message to the identity broker server indicating that the token has been authenticated.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer-readable storage medium containing a program which, when executed by a processor, performs an operation for facilitating a user request for access to a computing resource, the operation comprising:
- generating, in response to authenticating an identity of the user, a token value;
- passing the token value to a client application, wherein the client application is configured to pass the token value, as a password, to the computing resource, and wherein the computing resource is configured to pass the token value to an identity broker server in a message formatted according to a user authentication protocol understood by the computing resource;
- receiving, from the identity broker server, a request to authenticate a copy of the token value; and
- upon determining a match between the generated token value and the copy of the token value received from the identity broker server, passing a validation message to the identity broker server indicating that the token has been authenticated.

Dependent claims: 15, 16, 17, 18, 19, 20, 21
22. A system, comprising:
- one or more computer processors; and
- a memory containing a program, which when executed by the one or more computer processors performs an operation for facilitating a user request for access to a computing resource, the operation comprising:
  - generating, in response to authenticating an identity of the user, a token value,
  - passing the token value to a client application, wherein the client application is configured to pass the token value, as a password, to the computing resource, and wherein the computing resource is configured to pass the token value to an identity broker server in a message formatted according to a user authentication protocol understood by the computing resource,
  - receiving, from the identity broker server, a request to authenticate a copy of the token value, and
  - upon determining a match between the generated token value and the copy of the token value received from the identity broker server, passing a validation message to the identity broker server indicating that the token has been authenticated.

Dependent claims: 23, 24, 25, 26, 27, 28, 29