CREDENTIAL COLLECTION IN AN AUTHENTICATION SERVER EMPLOYING DIVERSE AUTHENTICATION SCHEMES
First Claim
1. An authentication server comprising:
- an access manager to receive an authentication request for a user seeking access to a resource, and to identify that a first authentication scheme is to be used for authenticating said user before allowing access to said resource,wherein said first authentication scheme specifies that both of a first set of credentials and a second set of credentials are to be collected and checked for processing said authentication request; and
a custom module to send to said access manager a first command indicating said first set of credentials to be collected,said access manager, in response to receiving of said first command collecting said first set of credentials from said user, and checking whether said first set of credentials authenticates said user,said custom module to send to said access manager a second command after said checking, said second command indicating said second set of credentials to be collected,said access manager, in response to receiving of said second command, collecting said second set of credentials from said user and checking whether said second set of credentials authenticates said user,wherein, in response to said first authentication scheme specifying that said first set of credentials and said second set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command and said second command and said access manager collects and checks both of said first set of credentials and said second set of credentials to process said authentication request.
0 Assignments
0 Petitions
Accused Products
Abstract
An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticates the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request for and to perform the authentication of the user based on different sets of credentials.
17 Citations
6 Claims
-
1. An authentication server comprising:
-
an access manager to receive an authentication request for a user seeking access to a resource, and to identify that a first authentication scheme is to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that both of a first set of credentials and a second set of credentials are to be collected and checked for processing said authentication request; and a custom module to send to said access manager a first command indicating said first set of credentials to be collected, said access manager, in response to receiving of said first command collecting said first set of credentials from said user, and checking whether said first set of credentials authenticates said user, said custom module to send to said access manager a second command after said checking, said second command indicating said second set of credentials to be collected, said access manager, in response to receiving of said second command, collecting said second set of credentials from said user and checking whether said second set of credentials authenticates said user, wherein, in response to said first authentication scheme specifying that said first set of credentials and said second set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command and said second command and said access manager collects and checks both of said first set of credentials and said second set of credentials to process said authentication request. - View Dependent Claims (2)
-
-
3. A non-transitory machine readable medium storing one or more sequences of instructions for causing an authentication server to authenticate users, said one of more sequences of instructions comprising:
-
a first set of instructions representing an access manager to receive an authentication request for a user seeking access to a resource, and to identify that a first authentication scheme is to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that both of a first set of credentials and a second set of credentials are to be collected and checked for processing said authentication request; and a second set of instructions representing a custom module implementing said first authentication scheme, said custom module to send to said access manager first command and a second command, wherein said first command indicates that said first set of credentials is to be collected and said second command indicates that said second set of credentials is to be collected, said access manager, in response to receiving of said first command, to collect said first set of credentials from said user and to check whether said first set of credentials authenticates said user, said access manager, in response to receiving of said second command, to collect said second set of credentials from said user and to check whether said second set of credentials authenticates said user, wherein said custom module sends to said access manager said second command after said checking of said first set of credentials collected from said user, wherein, in response to said first authentication scheme specifying that said first set of credentials and said second set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command and said second command and said access manager collects and checks both of said first set of credentials and said second set of credentials to process said authentication request. - View Dependent Claims (4)
-
-
5. A method of authenticating users, said method being performed by an access manager in an authentication server, said method comprising:
-
receiving an authentication request for a user seeking access to a resource; identifying a first authentication scheme to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that both of a first set of credentials and a second set of credentials are to be collected and checked for processing said authentication request; notifying a custom module implementing said first authentication scheme; receiving from said custom module, a first command indicating that said first set of credentials is to be collected; in response to said receiving of said first command, collecting said first set of credentials from said user and checking whether said first set of credentials authenticates said user; after said checking, receiving from said custom module, a second command indicating that said second set of credentials is to be collected; and in response to said receiving of said second command, collecting said second set of credentials from said user and checking whether said second set of credentials authenticates said user, wherein, in response to said first authentication scheme specifying that said first set of credentials and said second set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command and said second command and said access manager collects and checks both of said first set of credentials and said second set of credentials to process said authentication request. - View Dependent Claims (6)
-
Specification