Method and system of integrating third party authentication into internet browser code

US 7,191,467 B1
Filed: 03/15/2002
Issued: 03/13/2007
Est. Priority Date: 03/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. In a networked computing environment, a method of authenticating client requests utilizing HTTP-based authentication, comprising:

requesting content from a remote server;

receiving an HTTP redirect response from the remote server, the HTTP redirect response including information identifying a location corresponding to an authentication server of an authentication service and including authentication data identifying a specified authentication scheme;

upon recognizing the authentication data included with the HTTP redirect response,a) invoking local code corresponding to the specified authentication scheme to obtain credentials locally, andb) providing the credentials to the authentication server concurrent with providing an authentication request to the authentication server;

upon failing to recognize the authentication data included with the HTTP redirect response, providing an authentication request to the authentication server in response to the HTTP redirect response; and

receiving an authentication ticket from the authentication server, wherein the authentication ticket provides access to the requested content on the remote server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for using an Internet client'"'"'s local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data'"'"'s presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party'"'"'s Internet page that provides a form for credential entry.

163 Citations

24 Claims

1. In a networked computing environment, a method of authenticating client requests utilizing HTTP-based authentication, comprising:
- requesting content from a remote server;
  
  receiving an HTTP redirect response from the remote server, the HTTP redirect response including information identifying a location corresponding to an authentication server of an authentication service and including authentication data identifying a specified authentication scheme;
  
  upon recognizing the authentication data included with the HTTP redirect response,a) invoking local code corresponding to the specified authentication scheme to obtain credentials locally, andb) providing the credentials to the authentication server concurrent with providing an authentication request to the authentication server;
  
  upon failing to recognize the authentication data included with the HTTP redirect response, providing an authentication request to the authentication server in response to the HTTP redirect response; and
  
  receiving an authentication ticket from the authentication server, wherein the authentication ticket provides access to the requested content on the remote server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein requesting content from the remote server comprises issuing an HTTP get request, and wherein receiving a redirect response from the remote server comprises receiving an HTTP 302 response.
  - 3. The method of claim 2 wherein invoking local code corresponding to the specified authentication scheme comprises converting the HTTP 302 response into an HTTP 401 response based on the authentication data in the HTTP 302 response.
  - 4. The method of claim 1 wherein recognizing the authentication data included with the HTTP redirect response comprises evaluating a header of the redirect response.
  - 5. The method of claim 1 wherein invoking local code corresponding to the specified authentication scheme comprises generating an authentication context object.
  - 6. The method of claim 1 wherein invoking local code corresponding to the specified authentication scheme comprises generating a response that simulates an authentication response.
  - 7. The method of claim 1 wherein invoking the local code corresponding to the specified authentication scheme to obtain credentials locally comprises, providing a user interface, and obtaining the credentials via the user interface.
  - 8. The method of claim 1 further comprising, receiving a ticket from the authentication service, providing the ticket to the remote server, and receiving content from the remote server.

9. A computer-readable storage medium having computer-executable instructions for performing a method of authenticating client requests utilizing HTTP-based authentication, comprising:
- requesting content from a remote server;
  
  receiving an HTTP redirect response from the remote server, the HTTP redirect response including information identifying a location corresponding to an authentication server of an authentication service and including authentication data identifying a specified authentication scheme;
  
  upon recognizing the authentication data included with the HTTP redirect response,a) invoking local code corresponding to the specified authentication scheme to obtain credentials locally, andb) providing the credentials to the authentication server concurrent with providing an authentication request to the authentication server;
  
  upon failing to recognize the authentication data included with the HTTP redirect response, providing an authentication request to the authentication server in response to the HTTP redirect response; and
  
  receiving an authentication ticket from the authentication server, wherein the authentication ticket provides access to the requested content on the remote server.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-readable storage medium of claim 9, wherein requesting content from the remote server comprises issuing an HTTP get request, and wherein receiving a redirect response from the remote server comprises receiving an HTTP 302 response.
  - 11. The computer-readable storage medium of claim 10, wherein invoking local code corresponding to the specified authentication scheme comprises converting the HTTP 302 response into an HTTP 401 response based on the authentication data in the HTTP 302 response.
  - 12. The computer-readable storage medium of claim 9, wherein recognizing the authentication data included with the HTTP redirect response includes evaluating a header of the redirect response.
  - 13. The computer-readable storage medium of claim 9, wherein invoking local code corresponding to the specified authentication scheme comprises generating an authentication context object.
  - 14. The computer-readable storage medium of claim 9, wherein invoking local code corresponding to the specified authentication scheme comprises generating a response that simulates an authentication response.
  - 15. The computer-readable storage medium of claim 9, wherein invoking local code corresponding to the specified authentication scheme to obtain credentials locally comprises, providing a user interface, and obtaining the credentials via the user interface.

16. A computer-readable storage medium having stored thereon a data structure for authenticating client requests utilizing HTTP-based authentication, comprising:
- a first set of data indicating that the data structure is an HTTP redirect response received from a remote server in response to a request to that remote server;
  
  a second set of data identifying a location to where the request should be redirected; and
  
  a third set of data corresponding to an authentication scheme;
  
  wherein the third set of data instructs an updated browser to invoke local authentication code corresponding to the authentication scheme to obtain credentials to be sent concurrent with an authentication request to the location identified in the second set of data, andwherein a legacy browser is not capable of recognizing the third set of data, and the first set of data instructs the legacy browser to redirect the request to the location identified in the second set of data.

17. A method of authenticating client requests utilizing HTTP-based authentication, including requests from a first client having updated browser code and a second client having legacy browser code, comprising:
- receiving initial requests for content from both the first and second clients; and
  
  in response to the initial requests, sending both the first and second clients an identical HTTP redirect response including;
  
  information identifying a location corresponding to an authentication server of an authentication service, andauthentication data identifying a specified authentication scheme;
  
  wherein the updated browser code detects the authentication data in the HTTP redirect response and instructs the first client to invoke local code corresponding to the specified authentication scheme to obtain credentials locally and provide the credentials to the authentication server concurrent with an authentication request;
  
  wherein the legacy browser code of the second client fails to detect the authentication data in the HTTP redirect response and redirects the initial request to the authentication server; and
  
  wherein both the first and second clients receive an authentication ticket from the authentication server, the authentication ticket providing access to the requested content.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17 wherein the local code obtains the credentials from a storage location.
  - 19. The method of claim 17 wherein the local code obtains the credentials by providing a user interface.
  - 20. The method of claim 17 wherein the updated browser code communicates with the local code via an authentication context object.
  - 21. The method of claim 17 wherein the updated browser code invokes the local code by converting the HTTP redirect response to an authentication response.
  - 22. The method of claim 21 wherein the HTTP redirect response comprises an HTTP 302 response and the authentication response comprises an HTTP 401 response.
  - 23. The method of claim 17 wherein the updated browser code detects the authentication data in a header of the HTTP redirect response.
  - 24. The method of claim 17 wherein, in response to redirecting the initial request to the authentication server, the authentication server sends a request for credentials to the second client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rouskov, Yordan, Wang, Biao, Hawkins, John M., Erdogan, Samim, Dujari, Rajeev
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Chen; Shin-Hon

Application Number

US10/099,403
Time in Patent Office

1,824 Days
Field of Search

713/171, 713/202, 713/151, 713/152, 709/220, 709/228, 709/230, 709/225, 395/187, 395/188
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Method and system of integrating third party authentication into internet browser code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

163 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system of integrating third party authentication into internet browser code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links