Identity Federation and Token Translation Module for Use With a Web Application
First Claim
1. An identity federation and security token translation module for operable engagement with a web application or an internet information service (IIS) comprising:
- a first server including computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a security principal object for a user requesting access to the web application;
- wherein the identity federation and security token translation module includes:
  - an access thread for directly requesting and obtaining authentication and authorization tokens from at least one security token service (STS) based on a request for access from a user of the web application;
  - a new user security token request thread for requesting and receiving a security token from the STS;
  - a secure sockets layer (SSL) certificate thread for pulling an SSL certificate from the web application and sending the SSL certificate to the STS;
  - a validation thread for validating the received security token from the STS;
  - a user profile call thread for calling another service and receiving user profile and fine grain access (FGA) information corresponding to the validated received security token;
  - a builder thread for building a custom security principal object from the received user profile and FGA information;
  - an insertion thread for inserting the custom security principal object in the web application as an FGA dataset;
  - a data cache that stores the custom security principal object in a non-transitory computer readable media, wherein the data cache is located on the first server; and
- wherein the identity federation and security token translation module may be changed without making changes to the web application or the IIS.
Abstract
An identity federation and security token translation module and method for operable engagement with a web application or an internet information service (IIS). A first server includes computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a custom security principal object for a user requesting access to the web application. A data cache stores the custom security principal object in a non-transitory computer readable media. The identity federation and security token translation module may be changed without making changes to the web application or the IIS.
Claims (20 claims, 25 citations)
1. Independent claim 1 is reproduced in full under First Claim above. Dependent claims: 2 to 10.
11. A computer-implemented method for providing identity federation and security token translation comprising:
- managing and facilitating a creation of a security principal object for a user requesting access to a web application by operably engaging with the web application or an internet information service (IIS), via a first server including computer-executable instructions defining a module;
- requesting and obtaining, by the module, authentication and authorization tokens directly from at least one security token service (STS) based on a request for access from a user of the web application;
- requesting and receiving, by the module, a security token from the STS for a new user;
- pulling, by the module, a secure sockets layer (SSL) certificate from the web application and sending the SSL certificate to the STS;
- validating, by the module, the received security token from the STS;
- calling, by the module, another service and receiving user profile and fine grain access (FGA) information corresponding to the validated received security token;
- building, by the module, a custom security principal object from the received user profile and FGA information;
- inserting, by the module, the custom security principal object in the web application as an FGA dataset;
- storing the custom security principal object in a data cache including a non-transitory computer readable media, wherein the data cache is located on the first server; and
- changing the module without making changes to the web application or the IIS.
Dependent claims: 12 to 20.
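The token-translation pipeline set out in claims 1 and 11 (request token from the STS, bind it to the web application's certificate, validate it, call the profile/FGA service, build a custom principal, cache it on the module's server, hand it to the application) as an added worked example. This is illustrative code written for this page, not the patent's or any vendor's implementation. The STS, the profile/FGA service and the web application are constructed in-process stand-ins; tokens are HMAC-signed compact strings rather than SAML or JWT; the SSL-certificate step is modelled as binding the token's audience to the web application certificate's thumbprint; and the user's primary authentication to the STS is out of scope, so the stand-in STS issues a token on request. All names (`TokenTranslationModule`, `CustomPrincipal`, `PROFILE_SERVICE`, `STS_KEY`, the sample users) are assumptions.

```python
"""Toy identity-federation / token-translation module modelled on the claimed
pipeline. Every external party (STS, profile service, web app) is an in-process
stand-in constructed for this example."""
import base64
import hashlib
import hmac
import json
import time

STS_KEY = b"example-sts-signing-key"                   # constructed; a real STS signs with its own private key
WEB_APP_CERT_DER = b"constructed-der-bytes-of-web-app-cert"  # stand-in for the cert pulled from the web app
WEB_APP_THUMBPRINT = hashlib.sha256(WEB_APP_CERT_DER).hexdigest()


def sts_issue_token(user_id, audience_thumbprint, ttl=300, now=None):
    """Stand-in STS: returns base64url(JSON claims).base64url(HMAC-SHA256), with the
    audience ('aud') bound to the web application's certificate thumbprint."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": audience_thumbprint, "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).rstrip(b"=")
    sig = base64.urlsafe_b64encode(hmac.new(STS_KEY, body, hashlib.sha256).digest()).rstrip(b"=")
    return (body + b"." + sig).decode()


def _b64decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def validate_token(token, expected_thumbprint, now=None):
    """Validation step: constant-time signature check first, then audience, then
    expiry. Returns the claims dict or raises ValueError with the reason."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64decode(body))
    if claims.get("aud") != expected_thumbprint:
        raise ValueError("token not issued for this web application")
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


# Constructed stand-in for the profile / fine-grain-access service.
PROFILE_SERVICE = {
    "alice": {"display_name": "Alice", "fga": {"invoices": ["read", "approve"], "reports": ["read"]}},
    "bob": {"display_name": "Bob", "fga": {"invoices": ["read"]}},
}


class CustomPrincipal:
    """Builder output: the object inserted into the web app as its FGA dataset."""
    def __init__(self, user_id, display_name, fga, expires_at):
        self.user_id, self.display_name, self.fga, self.expires_at = user_id, display_name, fga, expires_at

    def can(self, resource, action):
        return action in self.fga.get(resource, ())


class TokenTranslationModule:
    """The module: it owns the STS and profile calls and the per-server cache, so
    it can be swapped or changed without touching the web application."""
    def __init__(self, web_app_cert_der):
        self.thumbprint = hashlib.sha256(web_app_cert_der).hexdigest()  # SSL-certificate step
        self.cache = {}  # session_id -> CustomPrincipal; lives only on this server

    def authorize(self, session_id, user_id, now=None):
        now = time.time() if now is None else now
        cached = self.cache.get(session_id)
        if cached is not None and cached.expires_at > now:
            return cached                                               # data-cache hit
        token = sts_issue_token(user_id, self.thumbprint, now=now)      # token-request step
        claims = validate_token(token, self.thumbprint, now=now)        # validation step
        profile = PROFILE_SERVICE.get(claims["sub"])                    # profile/FGA call step
        if profile is None:
            raise PermissionError("no profile for %s" % claims["sub"])
        principal = CustomPrincipal(claims["sub"], profile["display_name"], profile["fga"], claims["exp"])
        self.cache[session_id] = principal                              # data-cache store
        return principal


def handle_request(module, session_id, user_id, resource, action, now=None):
    """Stand-in web application: receives the principal (insertion step) and
    decides purely from the FGA dataset, never seeing the STS token."""
    principal = module.authorize(session_id, user_id, now=now)
    return principal.can(resource, action)


if __name__ == "__main__":
    m = TokenTranslationModule(WEB_APP_CERT_DER)
    print(handle_request(m, "session-1", "alice", "invoices", "approve"))  # True
    print(handle_request(m, "session-2", "bob", "invoices", "approve"))    # False
```

Two points the claims leave implicit but a deployment must decide: the cache is keyed per session and expires with the token, so a revoked user keeps cached access until expiry unless the module also exposes an invalidation path; and the audience check is what stops a token issued for one relying party being replayed against another, so the thumbprint the module sends to the STS must be the one the STS actually embeds.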
Specification