METHODS AND SYSTEMS FOR COMPLETING, BY A SINGLE-SIGN ON COMPONENT, AN AUTHENTICATION PROCESS IN A FEDERATED ENVIRONMENT TO A RESOURCE NOT SUPPORTING FEDERATION
Abstract
A system for distributed authentication includes a client machine, in a first domain in a federation, that receives from a user a first set of authentication credentials. The system also includes an intermediate machine in a second domain in the federation, a server, also in the second domain, a password management program executing on the server and a non-federated resource. The intermediate machine authenticates the user responsive to receiving the first set of authentication credentials and identifies a second set of authentication credentials. The server in the second domain authenticates the user, responsive to the second set of authentication credentials. The password management program, executing on the server, retrieves a third set of authentication credentials associated with the user. The non-federated resource authenticates the user, responsive to receiving, from the password management program, the third set of authentication credentials.
23 Claims
1-15. (canceled)
16. A system for facilitating distributed authentication comprising:
a client machine, in a first domain that comprises a federated environment, receiving, from a user, a first set of authentication credentials;
a federated identity server, in a second domain that comprises a federated environment, authenticating the user responsive to receiving the first set of authentication credentials;
a server in the second domain, authenticating the user responsive to a second set of authentication credentials identified by the federated identity server;
a password management program comprising a single sign-on component and, executing on the server, retrieving a third set of authentication credentials associated with the user responsive to the authentication of the user by the server in the federated environment;
a second server outside the federated environment, authenticating the user, to grant access to a resource outside the federated environment, responsive to receiving, from the password management program, the third set of authentication credentials.
19. A method for facilitating distributed authentication, the method comprising the steps of:
(a) receiving, by a client machine in a first domain in a federated environment, from a user, a first set of authentication credentials;
(b) authenticating, by a federated identity server in a second domain, the user, responsive to receiving the first set of authentication credentials;
(c) authenticating, by a server in the second domain of the federated environment, the user, responsive to a second set of authentication credentials identified by the federated identity server;
(d) retrieving, by a password management program executing on the server, a third set of authentication credentials associated with the user, the password management program comprising a single sign-on component;
(e) authenticating, by a second server outside the federated environment, the user, to grant access to a resource outside the federated environment, responsive to receiving, from the password management program, the third set of authentication credentials.
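The chain in steps (a) through (e), written out as an added Python example that is not taken from the patent: each stage must succeed before the next runs, and the third credential set is released only after the second-domain server has authenticated the user. Every account name, password and store (`IDP`, `SECOND`, `SERVER`, `VAULT`, `LEGACY`) is a constructed assumption; the claims do not specify how credentials are stored or verified.

```python
import hashlib, hmac, secrets

def _h(pw, salt):
    # Salted password hash used by every constructed credential store.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)

class Store:
    """Credential verifier for one machine (all accounts are constructed)."""
    def __init__(self, accounts):
        self.salt = secrets.token_bytes(16)
        self.db = {u: _h(p, self.salt) for u, p in accounts.items()}
    def check(self, user, pw):
        ref = self.db.get(user)
        return ref is not None and hmac.compare_digest(ref, _h(pw, self.salt))

# First set: what the user gives the client machine in the first domain.
IDP = Store({"alice@domain-a.example": "first-secret"})
# Second set: identified by the federated identity server for the second domain.
SECOND = {"alice@domain-a.example": ("b\\alice", "second-secret")}
SERVER = Store({"b\\alice": "second-secret"})
# Third set: held by the password management program, keyed by server account.
VAULT = {"b\\alice": ("legacy_alice", "third-secret")}
LEGACY = Store({"legacy_alice": "third-secret"})  # resource outside the federation

def sign_on(user, password, audit):
    """Run steps (a)-(e); True only if the non-federated resource accepts."""
    if not IDP.check(user, password):              # steps (a) and (b)
        audit.append("idp:reject")
        return False
    audit.append("idp:ok")
    second = SECOND.get(user)
    if second is None or not SERVER.check(*second):  # step (c)
        audit.append("server:reject")
        return False
    audit.append("server:ok")
    third = VAULT.get(second[0])                   # step (d), after server auth only
    if third is None:
        audit.append("vault:no-entry")
        return False
    audit.append("vault:released")
    ok = LEGACY.check(*third)                      # step (e)
    audit.append("resource:ok" if ok else "resource:reject")
    return ok
```

The audit list records which stage stopped the chain, which is the record a defender would want when a sign-on to the non-federated resource fails or succeeds unexpectedly.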
23. A system for facilitating distributed authentication comprising:
means, in a first domain in a federation, for receiving, from a user, a first set of authentication credentials;
means, in a second domain of the federation, for authenticating the user responsive to receiving the first set of authentication credentials;
server means in the second domain of the federation for authenticating the user responsive to a second set of authentication credentials identified by the federated identity server;
password management program, comprising a single sign-on component and executing on the server, retrieving a third set of authentication credentials associated with the user; and
second server means, in a domain not in the federation, for authenticating the user to grant access to a resource outside the federated environment, responsive to receiving, from the password management program, the third set of authentication credentials.