CROSS INSTANCE USER AUTHENTICATION ARCHITECTURE
First Claim
1. A method at a host organization, the method comprising:
- receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device;
- forwarding the login request received at the global VIP address to one of a plurality of datacenters within the host organization;
- determining the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;
- establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user;
- forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and
- returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user.
Abstract
In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing a cross instance user authentication architecture in an on-demand service environment including, for example, means for receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device; forwarding the login request received at the global VIP address to one of a plurality of datacenters within the host organization; determining the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device; establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user. Other related embodiments are disclosed.
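
The flow described in the abstract, modeled as a small in-memory simulation. This is an added example, not code from the patent or from any product; the geo names, hostnames, user, password and the selection argument passed to the global VIP are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample data: geo names and hostnames are hypothetical.
GEO_HOSTS = {"na": "na.login.example.com", "eu": "eu.login.example.com"}

def digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Datacenter:
    geo: str
    home_geo_of: dict                                # username -> home geo (held everywhere)
    credentials: dict = field(default_factory=dict)  # username -> (salt, digest), home geo only
    peers: dict = field(default_factory=dict)        # geo -> Datacenter, the back-end links

    def authenticate(self, username, password):
        """Check credentials stored in this datacenter."""
        if username not in self.credentials:
            return False
        salt, expected = self.credentials[username]
        return hmac.compare_digest(digest(password, salt), expected)

    def handle_login(self, username, password):
        """Process a login request forwarded from the global VIP."""
        home = self.home_geo_of.get(username)
        if home is None:
            return {"status": 401}
        if home == self.geo:                         # already at the home geo
            return {"status": 200 if self.authenticate(username, password) else 401}
        # Non-home geo: forward over the back-end link to the home geo.
        if not self.peers[home].authenticate(username, password):
            return {"status": 401}
        # Redirect target comes from server-side config, never from the request.
        return {"status": 302, "location": f"https://{GEO_HOSTS[home]}/"}

def build_demo():
    """Two datacenters; constructed user 'alice' is homed in 'eu'."""
    directory = {"alice": "eu"}
    na, eu = Datacenter("na", directory), Datacenter("eu", directory)
    na.peers["eu"], eu.peers["na"] = eu, na
    salt = b"constructed-salt"
    eu.credentials["alice"] = (salt, digest("correct horse", salt))
    return {"na": na, "eu": eu}

def global_vip(datacenters, selected_geo, username, password):
    """Global VIP: forward the request to one datacenter (selection passed in for the demo)."""
    return datacenters[selected_geo].handle_login(username, password)
```

In this model the non-home datacenter never holds the user's credential record, and the redirect location is looked up from the server-side geo table rather than taken from anything the client sent.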
25 Claims
1. A method at a host organization, the method comprising:
- receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device;
- forwarding the login request received at the global VIP address to one of a plurality of datacenters within the host organization;
- determining the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;
- establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user;
- forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and
- returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. Non-transitory computer readable storage medium having instructions stored thereon that, when executed by a computing hardware of a host organization including one or more processors and memories, the instructions cause the host organization to perform operations comprising:
- receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device;
- forwarding the login request received at the global VIP address to one of a plurality of datacenters within the host organization;
- determining the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;
- establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user;
- forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and
- returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user.
Dependent claims: 22, 23
24. A computing architecture within a host organization, the computing architecture comprising:
- one or more processors and memories to execute instructions;
- a plurality of datacenters geographically separated from one another, each of the plurality of datacenters having a plurality of computing pods therein including a database and a pool of application servers to perform workload processing on behalf of the host organization;
- a global virtual IP address interface and load balancer servicing a single URL endpoint for the host organization to receive login requests on behalf of the host organization;
- wherein the global virtual IP address interface and load balancer is to receive a login request from a client device and forward the login request to one of the plurality of datacenters within the host organization;
- wherein an application server at the selected datacenter determines the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;
- wherein the application server establishes a back-end link from the non-home-geo datacenter to another application server at a home-geo datacenter for the user and forwards the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and
- wherein the application server at the non-home-geo datacenter returns a response to the client device upon successful authentication of the login request by the other application server at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user.
Dependent claims: 25
Specification