IDENTITY BROKER CONFIGURED TO AUTHENTICATE USERS TO HOST SERVICES
Abstract
Techniques are disclosed for an identity broker to authenticate users to a network device, system, or hosted application that uses certain legacy protocols for user authentication. For example, the identity broker may be configured to respond to a user authentication request from a network device formatted as a RADIUS or LDAP message. The identity broker may operate in conjunction with an identity provider to authenticate a user requesting access to a computing resource (e.g., to the network device, system, or hosted application).
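The RADIUS case described in the abstract, as an added sketch that is not code from the patent: a broker parses an Access-Request, hands the token to an identity provider, and answers with Access-Accept or Access-Reject in the protocol the device understands. Assumptions: the token travels in the User-Password attribute, `validate_token` is a hypothetical stand-in for the identity provider call that returns the subject the token was issued to, and all function names and sample values are constructed.

```python
import hashlib
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide(data, secret, authenticator, decrypt=False):
    """RFC 2865 section 5.2 User-Password hiding: MD5 pad chained on ciphertext."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out, prev = out + res, (data[i:i + 16] if decrypt else res)
    return out

def parse_request(packet, secret):
    """Return (id, request authenticator, username, token) or raise ValueError."""
    if (len(packet) < 20 or packet[0] != ACCESS_REQUEST
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("not a well-formed Access-Request")
    ident, auth, attrs, pos, end = packet[1], packet[4:20], {}, 20, len(packet)
    while pos < end:
        alen = packet[pos + 1] if pos + 2 <= end else 0
        if alen < 2 or pos + alen > end:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or not hidden or len(hidden) % 16:
        raise ValueError("missing User-Name or malformed User-Password")
    token = hide(hidden, secret, auth, decrypt=True).rstrip(b"\x00")
    return ident, auth, attrs[USER_NAME].decode(), token.decode()

def broker_handle(packet, secret, validate_token):
    """RADIUS request -> IdP check -> RADIUS reply; validate_token is hypothetical."""
    try:
        ident, auth, username, token = parse_request(packet, secret)
    except ValueError:
        return None                      # malformed packets are silently discarded
    ok = validate_token(token) == username   # assumed: IdP returns the token's subject
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + auth + secret).digest()

def build_request(ident, auth, username, token, secret):
    """Constructed sample input: the packet a RADIUS client would send (ASCII only)."""
    padded = token.encode() + b"\x00" * (-len(token) % 16)
    attrs = bytes([USER_NAME, 2 + len(username)]) + username.encode()
    attrs += bytes([USER_PASSWORD, 2 + len(padded)]) + hide(padded, secret, auth)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs
```

Comparing the subject returned by the identity provider with the username in the request keeps a valid token issued to one user from authenticating a different username.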
25 Claims
1. A computer-implemented method for authenticating a user requesting access to a computing resource, the method comprising:
receiving, from the computing resource, a request to authenticate the user, wherein the request includes a token and a username, and wherein the request is formatted according to a user authentication protocol understood by the computing resource;
invoking, on an identity provider server, a token validation process, wherein the token is passed as a parameter to the token validation process;
receiving, from the identity provider server, an authentication message; and
generating, in response to the request received from the computing resource, a validation response formatted according to the user authentication protocol, wherein the response indicates whether the authentication message indicates the token was successfully validated by the identity provider server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-readable storage medium containing a program which, when executed by a processor, performs an operation for authenticating a user requesting access to a computing resource, the operation comprising:
receiving, from the computing resource, a request to authenticate the user, wherein the request includes a token and a username, and wherein the request is formatted according to a user authentication protocol understood by the computing resource;
invoking, on an identity provider server, a token validation process, wherein the token is passed as a parameter to the token validation process;
receiving, from the identity provider server, an authentication message; and
generating, in response to the request received from the computing resource, a validation response formatted according to the user authentication protocol, wherein the response indicates whether the authentication message indicates the token was successfully validated by the identity provider server.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A system, comprising:
one or more computer processors; and
a memory containing a program, which when executed by the one or more computer processors is configured to perform an operation for authenticating a user requesting access to a computing resource, the operation comprising;
receiving, from the computing resource, a request to authenticate the user, wherein the request includes a token and a username, and wherein the request is formatted according to a user authentication protocol understood by the computing resource,
invoking, on an identity provider server, a token validation process, wherein the token is passed as a parameter to the token validation process,
receiving, from the identity provider server, an authentication message, and
generating, in response to the request received from the computing resource, a validation response formatted according to the user authentication protocol, wherein the response indicates whether the authentication message indicates the token was successfully validated by the identity provider server.
Dependent claims: 21, 22, 23, 24, 25
Specification