Distributed authentication mechanisms for handling diverse authentication systems in an enterprise computer system
Abstract
Methods and computer systems for providing access to a protected resource are described. In an enterprise computer system, an authentication server provides a client requesting access to the protected resource a credential. In order to access the protected resource, the requesting client presents a protected resource access request in combination with the credential to a server coupled to the protected resource. The server, in turn, requests the authentication server to validate the credential. After the authentication server has validated the credential, the server grants the requesting client access to the protected resource.
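The flow in the abstract, together with the realm and privilege checks recited in the claims, sketched as an added example (not code from the patent). The class names, the expiry `ttl`, the hashed credential store and the sample data are assumptions.

```python
import hashlib
import secrets
import time

def _key(reference):
    # Assumption: store only a hash, so a leaked store yields no usable references.
    return hashlib.sha256(reference.encode()).hexdigest()

class AuthServer:
    """Holds credentials server-side; clients only ever receive an opaque reference."""
    def __init__(self, users, acl, ttl=300):
        self.users = users   # client -> secret (constructed sample data)
        self.acl = acl       # (client, realm) -> privileges allowed in that realm
        self.ttl = ttl       # assumption: credentials expire; the claims set no lifetime
        self._store = {}     # hash(reference) -> credential record

    def issue(self, client, secret, realm, privilege, now=None):
        now = time.time() if now is None else now
        expected = self.users.get(client)
        if expected is None or not secrets.compare_digest(expected.encode(), secret.encode()):
            raise PermissionError("authentication failed")
        allowed = self.acl.get((client, realm))
        if allowed is None:                      # realm authenticator
            raise PermissionError("realm not allowed")
        if privilege not in allowed:             # credential translator
            raise PermissionError("privilege not allowed")
        reference = secrets.token_urlsafe(32)    # unguessable, carries no claims itself
        self._store[_key(reference)] = {"client": client, "realm": realm,
                                        "privilege": privilege, "expires": now + self.ttl}
        return reference

    def validate(self, reference, realm, privilege, now=None):
        now = time.time() if now is None else now
        cred = self._store.get(_key(reference))
        if cred is None or now >= cred["expires"]:
            self._store.pop(_key(reference), None)   # drop expired entries
            return None
        if (cred["realm"], cred["privilege"]) != (realm, privilege):
            return None                              # reference is bound to one realm/privilege
        return cred["client"]

class ResourceServer:
    def __init__(self, auth, realm):
        self.auth, self.realm = auth, realm

    def access(self, reference, privilege, now=None):
        owner = self.auth.validate(reference, self.realm, privilege, now)
        if owner is None:
            raise PermissionError("credential rejected")
        return f"{privilege} granted to {owner} in {self.realm}"
```

Because the reference is only a pointer, the resource server learns nothing from it without asking the authentication server, and removing the stored credential invalidates every copy of the reference at once.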
24 Claims
1. In a distributed computing system, an authentication server arranged to provide a credential reference used by any of a number of authenticated requesting clients to access a protected resource in a requested realm, comprising:
a credential request verifier arranged to determine if additional authentication data is required by the authentication server in order to grant the credential reference to the requesting client;
a realm authenticator coupled to the credential request verifier arranged to authenticate the requesting client in a requested realm when it is determined that the requesting client is allowed to access the requested realm;
a credential translator coupled to the realm authenticator arranged to grant a requested privilege in the authenticated realm to the requesting client when it is determined that the requesting client is allowed the requested privilege in the authenticated realm;
a credential generator coupled to the credential translator arranged to generate a credential in the authentication server; and
a credential reference generator that provides the credential reference to the requesting client wherein the credential reference points back to the credential that allows the requesting client access to the protected resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method of accessing a protected resource in a multi-platform enterprise computer system having an authentication server arranged to provide a credential reference associated with a credential used by any of a number of requesting clients to access the protected resource, wherein the authentication server is securely coupled to the requesting client and a server coupled to the protected resource, comprising:
providing an access request to the authentication server by the requesting client that includes authentication data indicative of the protected resource;
authenticating the requesting client to access the protected resource by the authentication server based upon the authentication data;
authenticating the requesting client to exercise a privilege associated with the protected resource, wherein the privilege is in addition to the granted access;
providing the requesting client with the credential reference;
presenting the credential reference along with a protected resource access request to the server;
validating the credential by the authentication server when the credential reference is presented by the server; and
granting the requesting client access to the protected resource by the server when the credential is validated.
Dependent claims: 15, 16, 17, 18, 19
20. A method of accessing a protected resource in a multi-platform enterprise computer system having an authentication server arranged to authenticate a credential used by a requesting client as a credential owner to access the protected resource, wherein the authentication server is securely coupled to the requesting client and an EJB server coupled to the protected resource, comprising:
providing a credential request to the authentication server by the requesting client, wherein the credential request includes authentication data indicative of the protected resource;
authenticating the requesting client to access the protected resource by the authentication server based upon the authentication data;
authenticating the requesting client to exercise a privilege associated with the protected resource, wherein the privilege is in addition to the granted access;
providing the requesting client with a reference to the credential;
presenting the reference to the credential along with a protected resource access request to the server;
validating the credential by the authentication server when presented by the server; and
granting the requesting client access to the protected resource by the EJB server when the credential is validated.
Dependent claims: 21, 22, 23, 24
Specification