Method and apparatus for authenticating users
Abstract
A method and apparatus for authenticating users. Prior art mechanisms require each individual application (running on an “application server”) that the user is accessing to provide for the ability to use the various authentication mechanisms. One or more embodiments of the invention externalize the authentication mechanism from the application in the form of a login server. Only the login server needs to be configured to handle authentication mechanisms. The application server checks whether a request has an active and valid session (e.g., a valid session may exist when there is active communication between a client and server that has not expired). If there is not a valid session, the application server redirects the user to the login server. The login server attempts to authenticate the user using any desired authentication mechanism. Once authenticated, the login server redirects the user back to the application server. The application server verifies the authentication directly with the login server. Once verified, the application server processes the user's request and responds accordingly. One or more embodiments of the invention may utilize cookies to aid in the authentication process. Thus, applications on the application server need not be concerned about authenticating a given user. The application server merely knows how to work with the login server to authenticate the user. Further, communications between the application server and login server are transparent to the user, requiring no interaction from the user (although the user may see the browser communicating with each server).
649 Citations
32 Claims
1. A method of authenticating users comprising:
a client requestor transmitting a request to a first server;
said first server redirecting said client requestor to a second server if said client requestor does not have a valid session, wherein said valid session comprises an allowable period of time during which a user may access one or more servers in a network of computers;
said second server authenticating said client requestor;
said second server creating a new session; and
said second server redirecting said client requestor to said first server.

said client requestor transmitting a request to logout and a cookie to said first server; and
said first server invalidating said session if said cookie is valid.

5. The method of claim 1 further comprising:
said first server receiving said request from said client requestor;
said first server attaching a temporary identifier to said request;
said first server redirecting said client requestor to said second server using said request information, wherein request information comprises said temporary identifier;
said second server storing said temporary identifier in a location accessible to said first server, and indicating a successful authentication; and
said first server accessing said location to obtain said stored temporary identifier for verification of said session.

6. The method of claim 1 wherein said second server authenticating said client requestor comprises:
obtaining a cookie from said client requestor; and
indicating a successful authentication if said cookie is valid.

7. The method of claim 1 wherein said second server authenticates said client requestor using a username and password mechanism.

8. The method of claim 1 wherein said second server authenticates said client requestor using a challenge-response mechanism.

9. The method of claim 1 wherein said second server authenticates said client requestor using a smartcard mechanism.

10. The method of claim 1 wherein said step of said second server authenticating said client requestor comprises:
obtaining authentication information from said client requestor; and
determining if said authentication information is valid.

11. The method of claim 1 further comprising said first server transmitting a response to said requestor.

12. A system comprising:
a client requestor;
a first server configured to process a request from said requestor and redirect said client requestor to a second server; and
said second server configured to authenticate said client requestor and redirect said client requestor to said first server.

said client requestor configured to transmit a request to logout and a cookie to said first server; and
said session service configured to invalidate said session if said cookie is valid.

16. The system of claim 12 further comprising:
said first server configured to transmit a temporary identifier with said redirection to a second server;
said second server configured to store said temporary identifier; and
said first server further configured to verify authentication with said second server utilizing said temporary identifier.

17. The system of claim 12 wherein said second server is configured to:
obtain a cookie from said client requestor; and
indicate a successful authentication if said cookie is valid.

18. The system of claim 12 wherein said second server authenticates said requestor using a username and password mechanism.

19. The system of claim 12 wherein said second server authenticates said client requestor using a challenge-response mechanism.

20. The system of claim 12 wherein said second server authenticates said requestor using a smartcard mechanism.

21. The system of claim 12 wherein said second server is configured to:
obtain authentication information from said client requestor; and
determine if said authentication information is valid.

22. A computer program product comprising:
a computer usable medium having computer readable program code embodied therein configured to authenticate client requestors, said computer program product comprising:
computer readable program code configured to cause a computer to request information from a first server;
computer readable program code configured to cause said first server to redirect said client requestor to a second server;
computer readable program code configured to cause said second server to authenticate a client requestor of said information; and
computer readable program code configured to cause said second server to redirect said client requestor to said first server.

computer readable program code configured to cause a computer to transmit a request to logout and a cookie to said first server; and
computer readable program code configured to cause a computer to invalidate said session if said cookie is valid.

26. The computer program product of claim 22 further comprising:
computer readable program code configured to cause said first server to transmit a temporary identifier to said second server;
computer readable program code configured to cause said second server to store said temporary identifier; and
computer readable program code configured to cause said first server to verify authentication with said second server utilizing said temporary identifier.

27. The computer program product of claim 22 wherein said computer readable program code configured to cause said second server to authenticate said client requestor comprises:
computer readable program code configured to cause said second server to obtain a cookie from said client requestor; and
computer readable program code configured to cause a computer to indicate a successful authentication if said cookie is valid.

28. The computer program product of claim 22 wherein said computer readable program code configured to cause said second server to authenticate said client requestor comprises computer readable program code configured to utilize a username and password mechanism to authenticate said client requestor.

29. The computer program product of claim 22 wherein said computer readable program code configured to cause said second server to authenticate said client requestor comprises computer readable program code configured to utilize a challenge-response mechanism to authenticate said client requestor.

30. The computer program product of claim 22 wherein said computer readable program code configured to cause said second server to authenticate said client requestor comprises computer readable program code configured to utilize a smartcard mechanism to authenticate said requestor.

31. The computer program product of claim 22 wherein said computer readable program code configured to cause said second server to authenticate said client requestor comprises:
computer readable program code configured to cause a computer to obtain authentication information from said client requestor; and
computer readable program code configured to cause a computer to determine if said authentication information is valid.

32. The computer program product of claim 22 further comprising computer readable program code configured to cause said first server to transmit a response to a client requestor of said information.
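The redirect flow described in the abstract and in claims 1, 5 and 10, together with the logout step, as an added in-memory simulation (not code from the patent): the first server redirects a requestor without a valid session, attaching a temporary identifier; the second server checks the credentials, creates a time-bounded session, and records the identifier in a location the first server reads back to verify. SHARED_STORE, USERS and the credential values are constructed assumptions; the identifier is random and consumed on first use so it cannot be replayed against the first server.

```python
import secrets

# Constructed simulation of the flow in the abstract and claims 1, 5 and 10.
# SHARED_STORE stands in for the "location accessible to said first server";
# USERS is a constructed credential table, not anything from the patent.
SHARED_STORE = {}
USERS = {"alice": "correct horse"}

class LoginServer:
    """Second server: authenticates the client and creates a time-bounded session."""
    def __init__(self, ttl=300):
        self.sessions = {}   # session cookie -> expiry time (claim 1: allowable period)
        self.ttl = ttl

    def authenticate(self, temp_id, username, password, now):
        if USERS.get(username) != password:   # claim 10: check the authentication information
            return None
        cookie = secrets.token_urlsafe(32)    # unguessable session cookie
        self.sessions[cookie] = now + self.ttl
        SHARED_STORE[temp_id] = cookie        # claim 5: record success for the first server
        return cookie                         # client is redirected back carrying this cookie

    def is_valid(self, cookie, now):
        return cookie in self.sessions and now < self.sessions[cookie]

class AppServer:
    """First server: answers requests with a valid session, otherwise redirects."""
    def __init__(self, login):
        self.login = login

    def request(self, cookie, now):
        """Return ('response', cookie) or ('redirect', temp_id) for the login server."""
        if self.login.is_valid(cookie, now):
            return "response", cookie
        return "redirect", secrets.token_urlsafe(16)   # claim 5: temporary identifier

    def verify(self, temp_id, cookie):
        # Claim 5: read the shared location; pop so each temporary identifier works once.
        return SHARED_STORE.pop(temp_id, None) == cookie

    def logout(self, cookie, now):
        # Logout claim: invalidate the session only if the presented cookie is valid.
        if not self.login.is_valid(cookie, now):
            return False
        del self.login.sessions[cookie]
        return True

def client_flow(app, login, username, password, now):
    """Drive one client through the redirect flow; return the session cookie or None."""
    status, temp_id = app.request(None, now)   # no session yet, so the first server redirects
    cookie = login.authenticate(temp_id, username, password, now)
    if cookie is None or not app.verify(temp_id, cookie):
        return None
    return cookie
```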
Specification