FEDERATED FULL DOMAIN LOGON
First Claim
1. A method comprising:
- storing a certificate at a credential mapper of a server device;
- corresponding, by the server device, a token to the certificate stored at the credential mapper;
- receiving, at the server device and from a client device, the token;
- determining, at the server device, whether the client device has authenticated with an identity providing device based on the token received from the client device; and
- in response to determining that the client device has authenticated with the identity providing device, providing a temporary certificate for granting the client device access to a domain.
7 Assignments
0 Petitions
Abstract
Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level. The virtual smart card may be created locally at the authentication server or on a separate server that may be highly protected.
48 Citations
20 Claims
1. A method comprising:
- storing a certificate at a credential mapper of a server device;
- corresponding, by the server device, a token to the certificate stored at the credential mapper;
- receiving, at the server device and from a client device, the token;
- determining, at the server device, whether the client device has authenticated with an identity providing device based on the token received from the client device; and
- in response to determining that the client device has authenticated with the identity providing device, providing a temporary certificate for granting the client device access to a domain.
Dependent claims: 2, 3, 4, 5, 6, 7 (not reproduced here).

8. An apparatus comprising:
- a processor; and
- memory storing computer-executable instructions that, when executed by the processor, cause the apparatus to:
  - store a certificate at a credential mapper of the apparatus;
  - correspond a token to the certificate stored at the credential mapper;
  - receive, from a client device, the token;
  - determine whether the client device has authenticated with an identity providing device based on the token received from the client device; and
  - in response to determining that the client device has authenticated with the identity providing device, provide a temporary certificate for granting the client device access to a domain.
Dependent claims: 9, 10, 11, 12, 13, 14 (not reproduced here).

15. A method comprising:
- sending, by a client device and to an identity providing device, credentials for authenticating the client device with the identity providing device;
- receiving, at the client device and from the identity providing device, a token indicating that the client device is authenticated with the identity providing device;
- sending, by the client device and to a server device, the token; and
- in response to the client device receiving an indication from the server device that the client device has been granted access to a domain based on the token, using a temporary certificate to access the domain.
Dependent claims: 16, 17, 18, 19, 20 (not reproduced here).
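The following Python model is an added illustration of the flow in independent claims 1 and 15; it is not code from the patent and does not represent any product's implementation. It assumes a constructed token format (HMAC-signed JSON, shared key between identity provider and server), treats the stored certificate as an opaque string, and adds two checks a practitioner would expect around such a credential mapper: token expiry and single-use redemption so a captured token cannot be replayed for a second temporary certificate.

```python
"""Model of the claimed flow: a credential mapper holds a certificate, the
server corresponds an identity-provider token to it, and a short-lived
temporary certificate is issued only once the token shows the client
authenticated with the identity provider. Keys, formats and names are
constructed for this example."""
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: the identity provider and the server share an HMAC key so the
# server can check that a token really came from the identity provider.
IDP_SHARED_KEY = b"constructed-idp-shared-secret"
TOKEN_LIFETIME = 300        # seconds a token stays acceptable
TEMP_CERT_LIFETIME = 60     # seconds the temporary certificate stays valid


class CredentialMapper:
    """Server-side store: certificate per user, and token id -> certificate."""

    def __init__(self):
        self._certs = {}      # user -> long-lived certificate (opaque here)
        self._by_token = {}   # token id -> certificate
        self._used = set()    # token ids already redeemed (replay defence)

    def store_certificate(self, user, certificate):
        self._certs[user] = certificate

    def correspond_token(self, token_id, user):
        # Tie a token to the certificate stored for that user.
        self._by_token[token_id] = self._certs[user]

    def redeem(self, token_id):
        # Hand out the certificate once; a second redemption fails.
        if token_id in self._used:
            return None
        cert = self._by_token.get(token_id)
        if cert is not None:
            self._used.add(token_id)
        return cert


def idp_issue_token(user, now):
    """Identity provider: sign {user, expiry, unique id}; returns (token, id)."""
    token_id = secrets.token_hex(8)
    payload = {"sub": user, "exp": now + TOKEN_LIFETIME, "jti": token_id}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(IDP_SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig, token_id


def verify_idp_token(token, now):
    """Server: accept the token only if its MAC is valid and it has not expired."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if now >= payload["exp"]:
        return None
    return payload


def grant_domain_access(mapper, token, now):
    """Server: receive the token, decide whether the client authenticated with
    the identity provider, and issue a temporary certificate (or None)."""
    payload = verify_idp_token(token, now)
    if payload is None:
        return None                      # not authenticated with the IdP
    certificate = mapper.redeem(payload["jti"])
    if certificate is None:
        return None                      # unknown or already-used token
    return {
        "subject": payload["sub"],
        "issued_from": certificate,
        "not_after": now + TEMP_CERT_LIFETIME,
        "serial": secrets.token_hex(4),
    }


def demo():
    """Walk the full exchange once, then try to replay the same token."""
    now = 1_700_000_000
    mapper = CredentialMapper()
    mapper.store_certificate("alice", "CERT-ALICE")          # constructed
    token, token_id = idp_issue_token("alice", now)          # IdP -> client
    mapper.correspond_token(token_id, "alice")               # server-side mapping
    first = grant_domain_access(mapper, token, now)          # client -> server
    replay = grant_domain_access(mapper, token, now + 1)     # same token again
    return first, replay


if __name__ == "__main__":
    print(demo())
```

The temporary certificate is deliberately bound to a short `not_after` and a fresh serial, matching the abstract's point that the virtual smart card credential may be ephemeral; the mapper's used-token set is what turns a bearer token into a one-shot credential.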
Specification