Identity provider instance discovery
Abstract
A method of discovering an identity provider instance according to this disclosure begins upon receipt from a service provider (or from a discovery service to which the service provider redirects the user) of a request for an IdP instance. Preferably, the request for an IdP instance is received as a Web services request following receipt at the service provider of an end user client request to access an application. In response to receiving the request, an IdP instance is selected, preferably using one or more criteria, such as user proximity, instance load, instance availability, the existence of a prior IdP binding, or the like. Following the selection, a response to the request is generated and returned to the requesting service provider. Preferably, the response is a redirect to the selected IdP instance.
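The selection step described in the abstract, as an added Python sketch that is not taken from the patent or from any product. The instance names, URLs, coordinates, the `max_load` threshold, the `sp` query parameter and the order in which the criteria are applied (availability, prior binding, proximity, load) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from math import hypot
from urllib.parse import urlencode

@dataclass(frozen=True)
class IdPInstance:
    name: str
    base_url: str    # fixed in configuration, never taken from the request
    location: tuple  # (x, y) in an arbitrary plane, constructed for the example
    load: float      # 0.0 (idle) .. 1.0 (saturated)
    available: bool

# Constructed sample instances making up one logical IdP service.
INSTANCES = [
    IdPInstance("idp-east", "https://idp-east.example.com/sso", (0, 0), 0.80, True),
    IdPInstance("idp-west", "https://idp-west.example.com/sso", (10, 0), 0.20, True),
    IdPInstance("idp-eu", "https://idp-eu.example.com/sso", (1, 1), 0.10, False),
]

def select_instance(user_location, prior_binding=None, instances=INSTANCES,
                    max_load=0.9):
    """Return the chosen instance, or None if no instance can serve the request."""
    usable = [i for i in instances if i.available and i.load < max_load]
    if not usable:
        return None
    # An existing binding wins while the bound instance is still usable.
    for inst in usable:
        if inst.name == prior_binding:
            return inst
    # Otherwise rank by proximity to the user, breaking ties on load.
    def rank(inst):
        dx = inst.location[0] - user_location[0]
        dy = inst.location[1] - user_location[1]
        return (hypot(dx, dy), inst.load)
    return min(usable, key=rank)

def discovery_response(sp_entity_id, user_location, prior_binding=None):
    """Build the redirect returned to the requesting service provider."""
    inst = select_instance(user_location, prior_binding)
    if inst is None:
        return {"status": 503, "location": None}
    # The target comes from configuration; the SP identifier is only echoed, URL-encoded.
    query = urlencode({"sp": sp_entity_id})
    return {"status": 302, "location": f"{inst.base_url}?{query}"}
```

Because the redirect target is always drawn from the configured instance list, request input can influence which instance is chosen but not where the user is sent.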
12 Claims
1. A method of discovering an identity provider instance, the identity provider instance being one of a plurality of identity provider instances that comprise a logical IdP service, comprising:
- receiving a request for an identity provider instance, the request being associated with a service provider;
- in response to receiving the request, selecting a particular one of the plurality of identity provider instances according to a selection criteria; and
- returning a response to the request identifying the selected identity provider instance.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method to automatically select an identity provider (IdP) instance from among a set of identity provider instances comprising an enterprise IdP service, comprising:
- clustering a plurality of identity provider instances at distributed locations to provide IdP discovery for a plurality of federated applications, each cluster comprising a plurality of identity provider instances;
- responsive to receipt at a cluster of a request for an identity provider instance, determining whether the request should be processed at the cluster;
- if it is determined that the request should be processed at the cluster, determining an appropriate cluster instance and returning a response to the request; and
- if it is determined that the request should not be processed at the cluster, redirecting the request to another cluster for servicing.

Dependent claims: 11, 12

Specification