Identity Federation and Token Translation Module for Use With a Web Application

US 20170019410A1
Filed: 07/14/2015
Published: 01/19/2017
Est. Priority Date: 07/14/2015
Status: Active Grant

First Claim

Patent Images

1. An identity federation and security token translation module for operable engagement with a web application or an internet information service (IIS) comprising:

a first server including computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a security principal object for a user requesting access to the web application;

wherein the identity federation and security token translation module includes;

an access thread for directly requesting and obtaining authentication and authorization tokens from at least one security token service (STS) based on a request for access from a user of the web application;

a new user security token request thread for requesting and receiving a security token from the STS;

a secure sockets layer (SSL) certificate thread for pulling a SSL certificate from the web application and sending the SSL certificate to the STS;

a validation thread for validating the received security token from the STS;

a user profile call thread for calling another service and receiving user profile and fine grain access (FGA) information corresponding to the validated received security token;

a builder thread for building a custom security principal object from the received user profile and FGA information;

an insertion thread for inserting the custom security principal object in the web application as an FGA dataset;

a data cache stores the custom security principal object in a non-transitory computer readable media, wherein the data cache is located the first server; and

wherein the identity federation and security token translation module may be changed without making changes to the web application or the IIS.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity federation and security token translation module and method for operable engagement with a web application or an internet information service (IIS). A first server includes computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a custom security principal object for a user requesting access to the web application. A data cache stores the custom security principal object in a non-transitory computer readable media. The identity federation and security token translation module may be changed without making changes to the web application or the IIS.

25 Citations

View as Search Results

20 Claims

1. An identity federation and security token translation module for operable engagement with a web application or an internet information service (IIS) comprising:
- a first server including computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a security principal object for a user requesting access to the web application;
  
  wherein the identity federation and security token translation module includes;
  
  an access thread for directly requesting and obtaining authentication and authorization tokens from at least one security token service (STS) based on a request for access from a user of the web application;
  
  a new user security token request thread for requesting and receiving a security token from the STS;
  
  a secure sockets layer (SSL) certificate thread for pulling a SSL certificate from the web application and sending the SSL certificate to the STS;
  
  a validation thread for validating the received security token from the STS;
  
  a user profile call thread for calling another service and receiving user profile and fine grain access (FGA) information corresponding to the validated received security token;
  
  a builder thread for building a custom security principal object from the received user profile and FGA information;
  
  an insertion thread for inserting the custom security principal object in the web application as an FGA dataset;
  
  a data cache stores the custom security principal object in a non-transitory computer readable media, wherein the data cache is located the first server; and
  
  wherein the identity federation and security token translation module may be changed without making changes to the web application or the IIS.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The module of claim 1, wherein the at least one STS includes a second server connected to the first server over a network.
  - 3. The module of claim 2, wherein the data cache is located on the second server.
  - 4. The module of claim 1, wherein the web application is on the first server.
  - 5. The module of claim 1, wherein the IIS is on the first server.
  - 6. The module of claim 1, further including a user cache search thread for determining if the data cache includes a custom security principal object for the user requesting access to the web application.
  - 7. The module of claim 1, further including an additional calling thread for calling at least one other STS for obtaining additional information on the user using the validated received security token as an authentication to the at least one other STS.
  - 8. The module of claim 1, further including a developer testing thread for testing the identity federation and security token translation module on the first server without using a STS.
  - 9. The module of claim 8, further including a test file for passing a test security token onto the validation thread for building a test security principal object.
  - 10. The module of claim 9, wherein the test file is modifiable for simulating a plurality of security principal object properties.

11. A computer-implemented method for providing identity federation and security token translation comprising:
- managing and facilitating a creation of a security principal object for a user requesting access to a web application by operably engaging with the web application or an internet information service (IIS), via a first server including computer-executable instructions defining a module;
  
  requesting and obtaining, by the module, authentication and authorization tokens directly from at least one security token service (STS) based on a request for access from a user of the web application;
  
  requesting and receiving, by the module, a security token from the STS for a new user;
  
  pulling, by the module, a secure sockets layer (SSL) certificate from the web application and sending the SSL certificate to the STS;
  
  validating, by the module, the received security token from the STS;
  
  calling, by the module, another service and receiving user profile and fine grain access (FGA) information corresponding to the validated received security token;
  
  building, by the module, a custom security principal object from the received user profile and FGA information;
  
  inserting, by the module, the custom security principal object in the web application as an FGA dataset;
  
  storing the custom security principal object in a data cache including a non-transitory computer readable media, wherein the data cache is located the first server; and
  
  changing the module without making changes to the web application or the ITS.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further including connecting the at least one STS located on a second server to the first server over a network.
  - 13. The method of claim 12, wherein the data cache is located on the second server.
  - 14. The method of claim 11, wherein the web application is on the first server.
  - 15. The method of claim 11, wherein the IIS is on the first server.
  - 16. The method of claim 11, further including determining if the data cache includes a custom security principal object for the user requesting access to the web application and if the determination is yes, inserting the custom security principal object for the user from the data cache in the web application.
  - 17. The method of claim 11, further including calling at least one other STS and obtaining additional information on the user using the validated received security token as an authentication to the at least one other STS.
  - 18. The method of claim 11, further including testing the module on the first server without using a STS.
  - 19. The method of claim 18, further including using a test file to pass a test security token onto the validating step and building a test security principal object.
  - 20. The method of claim 19, further including modifying the test file and simulating a plurality of security principal object properties.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Reilly, Robert, Chimakurthi, Sandeep Chakravarthy, Huck, Bridget

Granted Patent

US 9,674,200 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Identity Federation and Token Translation Module for Use With a Web Application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity Federation and Token Translation Module for Use With a Web Application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links