MULTI-HOP SINGLE SIGN-ON (SSO) FOR IDENTITY PROVIDER (IdP) ROAMING/PROXY
Abstract
Embodiments of the present disclosure describe methods, apparatuses, and systems related to using an identity provider (IdP) as a proxy for another IdP. Other embodiments may be described and/or claimed.
19 Claims
1. An apparatus, comprising:
- a network device of a first identity provider (IdP) that provides a first identity and configured to operate as a proxy, for a second IdP that provides a second identity, to enable the second identity to be used to obtain authorized access to a service that recognizes the first identity, wherein to operate as the proxy to enable the second identity to be used to obtain authorized access to the service, the network device is configured to:
  - initiate an authentication process with the second IdP for the second identity; and
  - if the second identity is determined by the network device to be authenticated by the authentication process, send to the service an assert message associated with the first identity to complete the authorized access to the service; and
- a network interface, included in the network device and having a transceiver, configured to communicate with the second IdP.

(Dependent claims: 2, 3, 4, 5, 6)

7. A method, comprising:
- providing, to a first identity provider (IdP) corresponding to a first identity, information pertaining to a second identity corresponding to a second IdP to enable the second identity to be associated with the first identity;
- receiving, by the second IdP, a request to authenticate the second identity to enable authorized access to a service that recognizes the first identity;
- authenticating, by the second IdP, the second identity; and
- sending, by the second IdP, an assert message to enable the first IdP to determine that the second identity has been authenticated.

(Dependent claims: 8, 9, 10, 11, 12)

13. An article of manufacture, comprising:
- a non-transitory computer-readable medium having computer-readable instructions stored thereon and executable by a processor of a first identity provider (IdP) corresponding to a first identity, to:
  - in response to receipt of a request to authenticate the first identity, determine that the first identity is linked to a user having a second identity corresponding to a second IdP;
  - obtain an assertion that the second identity is authenticated; and
  - in response to the obtained assertion that the second identity is authenticated, assert verification of the first identity.

(Dependent claims: 14, 15, 16, 17, 18, 19)

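The proxy flow recited in claims 1 and 13, sketched as an added example that is not taken from the patent or any product: the first IdP verifies the second IdP's assertion (signature, issuer, audience, expiry), resolves the linked first identity, and only then asserts that first identity to the service. The HMAC-signed tokens, key table, link table and all names are constructed assumptions standing in for a real assertion format.

```python
import base64, hashlib, hmac, json

# Constructed demo keys and account links (assumptions, not from the patent text).
KEYS = {"idp1.example": b"idp1-demo-key", "idp2.example": b"idp2-demo-key"}
LINKS = {("idp2.example", "alice@idp2"): "alice@idp1"}  # second identity -> first identity

def sign_assertion(issuer, subject, audience, now, ttl=60):
    """Issue an assert message: base64(JSON claims) + "." + base64(HMAC-SHA256)."""
    body = json.dumps({"iss": issuer, "sub": subject, "aud": audience,
                       "exp": now + ttl}, sort_keys=True).encode()
    mac = hmac.new(KEYS[issuer], body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(mac).decode())

def verify_assertion(token, expected_issuer, expected_audience, now):
    """Return the claims only if signature, issuer, audience and expiry all check out."""
    try:
        b64_body, b64_mac = token.split(".")
        body = base64.urlsafe_b64decode(b64_body)
        mac = base64.urlsafe_b64decode(b64_mac)
    except ValueError:  # malformed token or bad base64
        return None
    good = hmac.new(KEYS[expected_issuer], body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, good):
        return None
    claims = json.loads(body)
    if claims["iss"] != expected_issuer:
        return None
    if claims["aud"] != expected_audience:  # reject assertions minted for someone else
        return None
    if claims["exp"] <= now:
        return None
    return claims

def proxy_login(second_idp_token, service, now):
    """First IdP as proxy: accept IdP2's assertion, then assert the linked first identity."""
    claims = verify_assertion(second_idp_token, "idp2.example", "idp1.example", now)
    if claims is None:
        return None
    first_identity = LINKS.get((claims["iss"], claims["sub"]))
    if first_identity is None:  # authenticated at IdP2 but never linked: no access
        return None
    return sign_assertion("idp1.example", first_identity, service, now)
```

The service only ever trusts `idp1.example`; an assertion from the second IdP presented directly to the service fails verification because the service has no trust relationship with that issuer.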
Specification