Actively Federated Mobile Authentication
Abstract
To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.
20 Claims
1. A method for making web service calls to an enterprise service, comprising:
providing user credentials to an identity provider to obtain a first security token, the identity provider having an established trust relationship with the enterprise service, the token providing authentication for service requests received at the enterprise service;
providing the first token to a trust broker, the trust broker having an established trust relationship with a service relay and the identity provider;
receiving a second token from the trust broker in exchange for the first token, the second token providing authentication to a service relay; and
sending a service request to the service relay with the first token and the second token.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for processing service requests at a connector service in an enterprise network, comprising:
receiving a service request and a token from a service relay, the service request directed to a back end service in the enterprise network, the token containing user identity information corresponding to a user who sent the service request;
validating the token and extracting the user identity information;
using the user identity information to communicate with the back end service in the user's place;
sending the service request to the back end service;
receiving a response to the service request; and
sending the response to the service relay.
Dependent claims: 8, 9, 10, 11, 12.
13. A method for making web service calls to a back office service on an enterprise network, comprising:
providing user credentials to an identity provider to obtain a first token, the identity provider having an established trust relationship with an enterprise service, the token providing authentication for service requests received by the enterprise service;
providing the first token to a trust broker, the trust broker having an established trust relationship with a service relay and the identity provider;
receiving a second token from the trust broker in exchange for the first token, the second token providing authentication for a service relay;
sending a service request to the service relay with the first token and the second token, the service request directed to the back office service;
receiving the service request and the first token from the service relay at a connector service;
extracting user identity information from the first token;
using the user identity information to communicate with the back office service in the user's place; and
sending the service request to the back office service.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.
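The two-token flow of the abstract and of claims 1, 7 and 13, as an added Python simulation that is not part of the patent and not code from any product it covers. Every name (IdentityProvider, TrustBroker, ServiceRelay, ConnectorService, the `iss`/`sub`/`aud`/`exp` claim names), the compact HMAC-SHA256 token format and both shared secrets are assumptions made for the example; the single user account is constructed. Each party holds only the key its trust relationship gives it, which is what lets the relay validate the second token while forwarding the first one without being able to read or forge it.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secrets standing in for the two trust relationships of the
# abstract (hypothetical values; a deployment would use signing keys, see note).
IDP_ENTERPRISE_KEY = b"secret shared by the identity provider and the connector service"
BROKER_RELAY_KEY = b"secret shared by the trust broker and the service relay"

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """Compact token (assumed format): base64url(JSON claims).base64url(HMAC-SHA256)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify_token(token: str, key: bytes, audience: str) -> dict:
    """Return the claims only if signature, audience and expiry all check out."""
    try:
        body, mac = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(mac)):  # constant-time compare
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except ValueError as exc:  # malformed base64/JSON, wrong part count, bad MAC
        raise ValueError(f"token rejected: {exc}") from None
    if claims.get("aud") != audience:
        raise ValueError("token rejected: wrong audience")
    if claims.get("exp", 0) < time.time():
        raise ValueError("token rejected: expired")
    return claims

class IdentityProvider:
    """Authenticates the user; issues token 1, addressed to the enterprise service."""
    USERS = {"alice": "correct horse battery staple"}  # constructed sample user
    def issue_first_token(self, user: str, password: str) -> str:
        if self.USERS.get(user) != password:
            raise PermissionError("bad credentials")
        claims = {"iss": "idp", "sub": user, "aud": "enterprise-service", "exp": time.time() + 300}
        return sign_token(claims, IDP_ENTERPRISE_KEY)

class TrustBroker:
    """Trusts the identity provider (verifies token 1) and the relay (mints token 2)."""
    def exchange(self, first_token: str) -> str:
        claims = verify_token(first_token, IDP_ENTERPRISE_KEY, "enterprise-service")
        relay_claims = {"iss": "broker", "sub": claims["sub"], "aud": "relay", "exp": time.time() + 300}
        return sign_token(relay_claims, BROKER_RELAY_KEY)

def back_end_service(user: str, request: str) -> str:
    """Target service; it only ever sees the identity the connector presents."""
    return f"{request} for {user}: ok"

class ConnectorService:
    """Inside the enterprise network; the only relay-facing party holding the IdP key."""
    def handle(self, request: str, first_token: str) -> str:
        claims = verify_token(first_token, IDP_ENTERPRISE_KEY, "enterprise-service")
        return back_end_service(claims["sub"], request)  # acts in the user's place (claim 7)

class ServiceRelay:
    """Outside the enterprise; validates token 2 only and forwards token 1 opaquely."""
    def __init__(self, connector: ConnectorService):
        self.connector = connector
    def handle(self, request: str, first_token: str, second_token: str) -> str:
        verify_token(second_token, BROKER_RELAY_KEY, "relay")  # the relay has no IdP key
        return self.connector.handle(request, first_token)

def call_enterprise_service(user: str, password: str, request: str) -> str:
    """The client-side sequence of claim 1, end to end; returns the routed-back response."""
    first = IdentityProvider().issue_first_token(user, password)
    second = TrustBroker().exchange(first)
    return ServiceRelay(ConnectorService()).handle(request, first, second)

def rejected(fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except (ValueError, PermissionError):
        return True

def attack_checks() -> dict:
    """Forged-token scenarios; each must be refused somewhere on the path."""
    first = IdentityProvider().issue_first_token("alice", "correct horse battery staple")
    second = TrustBroker().exchange(first)
    relay, exp = ServiceRelay(ConnectorService()), time.time() + 300
    forged_first = sign_token({"iss": "idp", "sub": "admin", "aud": "enterprise-service", "exp": exp}, b"attacker")
    forged_second = sign_token({"iss": "broker", "sub": "alice", "aud": "relay", "exp": exp}, b"attacker")
    return {
        "genuine_pair_accepted": not rejected(relay.handle, "GET /orders", first, second),
        "forged_first_refused_by_connector": rejected(relay.handle, "GET /orders", forged_first, second),
        "forged_second_refused_by_relay": rejected(relay.handle, "GET /orders", first, forged_second),
        "first_token_reused_as_second_refused": rejected(relay.handle, "GET /orders", first, first),
    }
```

`call_enterprise_service("alice", "correct horse battery staple", "GET /orders")` walks the whole path and returns the back end's response; `attack_checks()` shows where each forgery is stopped: a forged first token sails through the relay (which cannot judge it) and is refused by the connector, while a forged second token never reaches the enterprise at all. One caveat on the keys: with HMAC any party able to verify a token can also mint one, so in this toy the broker could forge first tokens; a real deployment would have the identity provider and the broker sign with private keys and give verifiers only the public halves, which keeps the "trust relationship" one-directional as the claims describe it.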