Identity provider discovery service using a publish-subscribe model
Abstract
A proxy is integrated within an F-SSO environment and interacts with an external identity provider (IdP) instance discovery service. The proxy proxies IdP instance requests to the discovery service and receives responses that include the IdP instance assignments. The proxy maintains a cache of the instance assignment(s). As new instance requests are received, the cached assignment data is used to provide appropriate responses in lieu of proxying these requests to the discovery service, thereby reducing the time needed to identify the required IdP instance. The proxy dynamically maintains and manages its cache by subscribing to updates from the discovery service. The updates identify IdP instance changes (such as servers being taken offline for maintenance, new services being added, etc.) occurring within the set of geographically-distributed instances that comprise the IdP service. The updates are provided via a publication-subscription model such that the proxy receives change notifications proactively.
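A minimal sketch of the caching and publish-subscribe behaviour the abstract describes, added here as an illustration and not taken from the patent or any implementation of it. The class names, the per-region selection key, the update format and the instance names are all assumptions constructed for the example.

```python
# Added illustration: names, the region key and instance ids are hypothetical.
class DiscoveryService:
    """Selects an IdP instance per region and publishes instance changes."""
    def __init__(self, pools):
        self.pools = {region: list(ids) for region, ids in pools.items()}
        self.subscribers = []                 # publish-subscribe callbacks
        self.lookups = 0                      # counts proxied requests
    def subscribe(self, callback):
        self.subscribers.append(callback)
    def assign(self, region):
        self.lookups += 1
        return self.pools[region][0]          # first online instance in region
    def take_offline(self, instance):
        for ids in self.pools.values():
            if instance in ids:
                ids.remove(instance)
        for callback in self.subscribers:     # push the change to subscribers
            callback({"event": "offline", "instance": instance})

class DiscoveryProxy:
    """Caches assignments; subscribed updates evict entries that went stale."""
    def __init__(self, discovery):
        self.discovery = discovery
        self.cache = {}                       # region -> assigned instance
        discovery.subscribe(self.on_update)
    def resolve(self, region):
        if region not in self.cache:          # miss: proxy to discovery service
            self.cache[region] = self.discovery.assign(region)
        return self.cache[region]             # hit: answered from the cache
    def on_update(self, update):
        if update["event"] == "offline":
            for region in [r for r, i in self.cache.items() if i == update["instance"]]:
                del self.cache[region]

def demo():
    discovery = DiscoveryService({"eu": ["idp-eu-1", "idp-eu-2"], "us": ["idp-us-1"]})
    proxy = DiscoveryProxy(discovery)
    first, second = proxy.resolve("eu"), proxy.resolve("eu")
    lookups_while_cached = discovery.lookups
    discovery.take_offline("idp-eu-1")        # notification arrives proactively
    third = proxy.resolve("eu")               # stale entry gone, re-proxied
    return first, second, lookups_while_cached, third, discovery.lookups

if __name__ == "__main__":
    print(demo())
```

Without the subscription, the second and third requests would both be answered from the cache, and the third would point clients at an instance that is no longer online.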
25 Claims
1-7. (canceled)

8. Apparatus for providing identity provider services using an identity provider instance discovery service, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method comprising:
as requests for identity provider instances are processed by the discovery service, receiving and storing data identifying the identity provider instances;
receiving an update concerning a resource associated with the directory service, the update received via a publish-subscribe notification service supported on a hardware element;
based on the update, modifying the data; and
upon receipt of a new request for an identity provider instance, using the modified data to identify an identity provider instance for use in responding to the new request.
(Dependent claims: 9, 10, 11, 12, 13)

15. A computer program product in a computer readable medium for use in a data processing system for providing identity provider services using an identity provider instance discovery service, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
as requests for identity provider instances are processed by the discovery service, receiving and storing data identifying the identity provider instances;
receiving an update concerning a resource associated with the directory service, the update received via a publish-subscribe notification service supported on a hardware element;
based on the update, modifying the data; and
upon receipt of a new request for an identity provider instance, using the modified data to identify an identity provider instance for use in responding to the new request.
(Dependent claims: 16, 17, 18, 19, 20, 21)

22. A system for identifying identity provider instances, comprising:
a proxy supported on a hardware element and having a cache associated therewith, the proxy issuing identity provider instance discovery requests;
an identity provider instance discovery service that receives each identity provider instance discovery request issued by the proxy, makes a selection, and returns to the proxy, for storage in the cache, data identifying the selection; and
a notification service by which the proxy subscribes to receive updates from the identity provider instance discovery service, at least one update concerning a resource associated with the directory service and being used by the proxy to update the data stored in the cache.
(Dependent claims: 23, 24, 25)

Specification