Cross-protocol federated single sign-on (F-SSO) for cloud enablement
Abstract
A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.
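The validate-then-deploy step described in the abstract, shown as an added Python example for the SSH public key case (it is not code from the patent). The issuer and audience URLs, the `sshPublicKey` attribute name, the username pattern and the sample assertion are assumptions, and XML signature verification is assumed to have been done by a SAML library before this code runs.

```python
import base64, re, struct
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_ISSUER = "https://idp.example.org"   # assumed IdP entity ID
AUDIENCE = "https://cloud.example.net/sp"    # assumed cloud provider entity ID
KEY_PATH = ".//saml:Attribute[@Name='sshPublicKey']/saml:AttributeValue"  # assumed name
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def _ts(value):
    return datetime.strptime(value or "", "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_ssh_key(text):
    """Accept only '<type> <base64>' whose decoded blob names the same type."""
    parts = (text or "").split(" ")
    if len(parts) != 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("unexpected key format")  # options, comments, extra lines
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != parts[0].encode():
        raise ValueError("key type mismatch")
    return text

def validate_and_extract(assertion_xml, now):
    """Check issuer, validity window and audience; return (username, key) to deploy."""
    a = ET.fromstring(assertion_xml)  # signature check assumed done by a SAML library
    if a.findtext("saml:Issuer", namespaces=NS) != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("outside validity window")
    if AUDIENCE not in [e.text for e in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("wrong audience")
    user = a.findtext("saml:Subject/saml:NameID", namespaces=NS) or ""
    keys = [v.text for v in a.iterfind(KEY_PATH, NS)]
    if not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", user) or len(keys) != 1:
        raise ValueError("unusable username or key count")
    return user, check_ssh_key(keys[0])

def constructed_assertion(key):  # constructed sample input, not a captured assertion
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Issuer>{TRUSTED_ISSUER}</saml:Issuer>'
            '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
            '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">'
            f'<saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute '
            f'Name="sshPublicKey"><saml:AttributeValue>{key}</saml:AttributeValue></saml:Attribute>'
            '</saml:AttributeStatement></saml:Assertion>')

SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(  # constructed all-zero key, wire format only
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()
```

The returned pair is what a deployment step would write to the user's `authorized_keys`; the key check matters because the attribute value crosses from the HTTP side into a file that SSH parses line by line.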
33 Claims
1. A method to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
- receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
- during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
- attempting to validate the assertion;
- upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.
7. The method as described in claim 2 wherein the authentication data includes a username.
10. Apparatus to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
- a processor;
- computer memory holding computer program instructions that when executed by the processor perform a method comprising:
  - receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
  - during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
  - attempting to validate the assertion;
  - upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.
16. The apparatus as described in claim 11 wherein the authentication data includes a username.
19. A computer program product in a computer readable medium for use in a data processing system to manage access to resources hosted in a shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
- during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
- attempting to validate the assertion;
- upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.
25. The computer program product as described in claim 20 wherein the authentication data includes a username.
Specification