STATE DRIVEN ORCHESTRATION OF AUTHENTICATION COMPONENTS IN AN ACCESS MANAGER
First Claim
1. A method for state driven orchestration of authentication components to access a resource protected by an access manager framework, comprising:
receiving a request to access a resource from a client;
determining required authentication components for the requested resource and a sequential order of the authentication components based at least in part upon the received access request;
requesting a first set of credential information required for a first authentication component to authenticate the client requesting access to the resource;
upon successful validation of the received first set of credential information, generating an authentication context including information indicating a second authentication component of the determined sequential order of the required authentication components, the authentication context stored at the client;
requesting a second set of credential information required for the second authentication component to authenticate the client requesting access to the resource;
receiving the second set of credential information along with the authentication context from the client;
determining which authentication component is to receive the second set of credential information based at least in part upon the authentication context received from the client; and
sending the second set of credential information to the second authentication component.
Abstract
Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.
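The flow in the abstract, sketched as an added example that is not taken from the patent or from any product: after the first component validates, the server hands the client a context naming the next component, and on the next request it checks that context before routing credentials. Assumptions: the policy table, component names, key and function names are hypothetical, and the context is integrity-protected with HMAC-SHA256 rather than the encrypted cookie recited in claims 19 and 20.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"               # constructed; a real key lives in a secret store
POLICY = {"/payroll": ["password", "otp"]}  # hypothetical: resource -> ordered components
MAX_AGE = 300                               # assumed lifetime of a context, in seconds

def _sign(body: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(KEY, body, hashlib.sha256).digest())

def issue_context(resource, session_id, completed, now=None):
    """Called after component index `completed` validates; names the next one."""
    chain = POLICY[resource]
    nxt = completed + 1
    ctx = {"res": resource, "sid": session_id, "next": nxt,
           "component": chain[nxt] if nxt < len(chain) else None,
           "iat": int(time.time() if now is None else now)}
    body = base64.urlsafe_b64encode(json.dumps(ctx, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()

def route(cookie, resource, session_id, now=None):
    """Return the component that must receive the next credentials.

    Returns None when every component is satisfied; raises ValueError when the
    client-held context is forged, stale, or bound to another session/resource.
    """
    body, sig = cookie.encode().split(b".")  # ValueError if not exactly two parts
    if not hmac.compare_digest(sig, _sign(body)):
        raise ValueError("context signature mismatch")
    ctx = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if ctx["res"] != resource or ctx["sid"] != session_id:
        raise ValueError("context bound to a different resource or session")
    if now - ctx["iat"] > MAX_AGE:
        raise ValueError("context expired")
    chain, step = POLICY[resource], ctx["next"]
    if step == len(chain):
        return None                          # whole chain completed
    # Recompute the component from server-side policy instead of trusting
    # the name carried by the client.
    if not 0 < step < len(chain) or chain[step] != ctx["component"]:
        raise ValueError("context does not match policy")
    return chain[step]
```

Because the state lives at the client, the signature, session binding and expiry checks are what stop a client from skipping a component by editing or replaying the context.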
20 Claims
19. A method comprising:
receiving a request to access a resource from a client, access to the resource requiring a first authentication and a second authentication;
authenticating the user on a web browser client at a server using a first authentication plugin;
sending an encrypted cookie to the client based on the first authentication;
requesting the encrypted cookie from the web browser client;
bypassing the first authentication based on the received encrypted cookie and then authenticating the user on the web browser client using a second authentication plugin; and
allowing access to the resources that requires the first and second authentications based on the received encrypted cookie and the second authentication using the second authentication plugin.
20. A method comprising:
authenticating a user on a web browser client at a server using a first authentication plugin;
sending an encrypted cookie to the client based on the authentication;
receiving a request to access a resource from the client, access to the resource requiring a first authentication and a second authentication;
requesting the encrypted cookie from the web browser client;
bypassing the first authentication based on the received encrypted cookie and then authenticating the user on the web browser client using a second authentication plugin; and
allowing access to the resources that requires the first and second authentications based on the received encrypted cookie and authentication using the second authentication plugin.