Method and apparatus for authenticating users
First Claim
1. A method for authenticating users comprising the steps of:
processing a request from a client requestor at a first server;
redirecting said request to a second server;
authenticating said client requestor, at said second server;
redirecting said client requestor to said first server; and
verifying, by said first server with said second server, that said client requestor is authenticated.
Abstract
A method and apparatus for authenticating users. Prior art mechanisms require each individual application (running on an "application server") that the user is accessing to provide for the ability to use the various authentication mechanisms. One or more embodiments of the invention externalize the authentication mechanism from the application in the form of a login server. Only the login server needs to be configured to handle authentication mechanisms. The application server checks if a request has an active and valid session (e.g., a valid session may exist when there is active communication between a client and server that has not expired). If there is not a valid session, the application server redirects the user to the login server. The login server attempts to authenticate the user using any desired authentication mechanism. Once authenticated, the login server redirects the user back to the application server. The application server verifies the authentication directly with the login server. Once verified, the application server processes the user's request and responds accordingly. One or more embodiments of the invention may utilize cookies to aid in the authentication process. Thus, applications on the application server need not be concerned about authenticating a given user. The application server merely knows how to work with the login server to authenticate the user. Further, communications between the application server and login server are transparent to (i.e., require no interaction from) the user, although the user may see the browser communicating with each server.
21 Claims
1. A method for authenticating users comprising the steps of:
processing a request from a client requestor at a first server;
redirecting said request to a second server;
authenticating said client requestor, at said second server;
redirecting said client requestor to said first server; and
verifying, by said first server with said second server, that said client requestor is authenticated.
transmitting, by said client requestor, a request to logout and a cookie to said first server; and
invalidating, by said session service, said session if said cookie is valid.
5. The method of claim 1, further comprising the steps of:
transmitting, by said first server, a temporary identifier with said redirection to a second server; and
storing, by said second server, said temporary identifier, wherein said step of verifying further includes verifying, by said first server with said second server, that said client requestor is authenticated utilizing said temporary identifier.
6. The method of claim 1, further comprising the steps of:
obtaining, by said second server, a cookie from said client requestor; and
indicating, by said second server, a successful authentication if said cookie is valid.
7. The method of claim 1, wherein said step of authenticating further includes authenticating said client requestor, at said second server, using a username and password mechanism.
8. The method of claim 1, wherein said step of authenticating further includes authenticating said client requestor, at said second server, using a challenge-response mechanism.
9. The method of claim 1, wherein said step of authenticating further includes authenticating said client requestor, at said second server, using a smartcard mechanism.
10. The method of claim 1, wherein said step of authenticating further includes:
obtaining authentication information from said client requestor; and
determining if said authentication information is valid.
11. A system for authenticating users comprising:
means for processing a request from a client requestor at a first server;
means for redirecting said request to a second server;
means for authenticating said client requestor at said second server;
means for redirecting said client requestor to said means for processing said request from said client requestor; and
means for verifying, by said first server with said second server, that said client requestor is authenticated.
means for transmitting a request to logout and a cookie to said means for processing said request; and
means for invalidating said session if said cookie is valid.
15. The system of claim 11, further comprising:
means for transmitting a temporary identifier;
means for storing said temporary identifier; and
means for verifying authentication utilizing said temporary identifier.
16. The system of claim 11, wherein said means for authenticating said request further comprises:
means for obtaining a cookie from said client requestor; and
means for indicating a successful authentication if said cookie is valid.
17. The system of claim 11, wherein said means for authenticating said requestor utilizes a username and password mechanism.
18. The system of claim 11, wherein said means for authenticating said client requestor utilizes a challenge-response mechanism.
19. The system of claim 11, wherein said means for authenticating said requestor utilizes a smartcard mechanism.
20. The system of claim 11, wherein said means for authenticating further comprises:
means for obtaining authentication information from said client requestor; and
means for determining if said authentication information is valid.
21. A computer-readable medium including instructions that cause a data processing system for authenticating users to perform a method comprising the steps of:
processing a request for a client requestor at a first server;
redirecting said request to a second server for authentication of said client requestor and redirection of said client requestor to said first server from said second server; and
verifying, by said first server with said second server, that said client requestor is authenticated.
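The redirect-based flow of the abstract and claims 1, 5 and 14 (first server, login server, temporary identifier, cookie-based session and logout), as an added simulation written for this page rather than code from the patent; the in-memory servers, the credential table and the single-use treatment of the temporary identifier are assumptions made for the example.

```python
import secrets

class LoginServer:
    """Second server: the only component that knows the authentication mechanisms."""
    def __init__(self, credentials):
        self.credentials = credentials  # constructed username -> password table
        self.pending = {}               # temporary identifier -> authenticated user or None
    def receive_redirect(self, temp_id):
        self.pending[temp_id] = None    # claim 5: store the first server's temporary identifier
    def authenticate(self, temp_id, username, password):
        # claims 7 and 10: the username/password check happens only here
        if temp_id in self.pending and self.credentials.get(username) == password:
            self.pending[temp_id] = username
            return {"redirect": "app", "temp_id": temp_id}
        return None
    def verify(self, temp_id):
        # back-channel check by the first server; the identifier is consumed on first use (assumption)
        return self.pending.pop(temp_id, None)

class AppServer:
    """First server: owns sessions and never sees credentials."""
    def __init__(self, login):
        self.login = login
        self.sessions = {}              # session cookie -> username
    def request(self, cookie=None):
        if cookie in self.sessions:
            return {"status": 200, "user": self.sessions[cookie]}
        temp_id = secrets.token_hex(16)
        self.login.receive_redirect(temp_id)
        return {"status": 302, "location": "login", "temp_id": temp_id}
    def return_from_login(self, temp_id):
        # the redirect alone proves nothing; only the direct verification creates a session
        user = self.login.verify(temp_id)
        if user is None:
            return {"status": 401}
        cookie = secrets.token_urlsafe(24)
        self.sessions[cookie] = user
        return {"status": 200, "user": user, "set_cookie": cookie}
    def logout(self, cookie):
        return self.sessions.pop(cookie, None) is not None  # claim 14: invalidate if cookie valid

def run_flow(username, password):
    login = LoginServer({"alice": "correct horse"})   # constructed credentials
    app = AppServer(login)
    first = app.request()                             # no cookie -> redirect with temp id
    if login.authenticate(first["temp_id"], username, password) is None:
        return None
    back = app.return_from_login(first["temp_id"])
    replay = app.return_from_login(first["temp_id"])  # replaying the identifier must fail
    return back["user"], replay["status"], app.logout(back["set_cookie"])
```

A redirect back to the first server carrying an identifier the login server never marked as authenticated yields 401, which is the point of the direct verification step in claim 1.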