Authorization services with external authentication
First Claim
Patent Images
1. A method for providing access to resources, comprising the steps of:
- receiving, at an access system, configuration information for a first resource, said access system provides for using of one or more internal authentication systems and said access system provides for reliance on one or more external authentication systems, said configuration information provides an indication to said access system to rely on a first external authentication system for said first resource;
receiving a first request from a first user for said first resource;
relying on said first external authentication system for authenticating said first user; and
performing, at said authorization system, authorization services for said first request;
wherein said authorization services comprise determining whether said first user is authorized to access said first resource; and
wherein authenticating said first user comprises verifying an identity of said first user.
5 Assignments
0 Petitions
Accused Products
Abstract
An Access System can provide identity management and/or access management services. Examples of access management services include authentication and authorization services. In some implementations, users of an Access System want to use the authorization services of the Access System but do not want to use the authentication services of the Access System. The present invention allows some or all of the resources protected by the Access System to use the authentication services of the Access System and some or all of the resources protected by the Access System to use external authentication services.
-
Citations
23 Claims
-
1. A method for providing access to resources, comprising the steps of:
-
receiving, at an access system, configuration information for a first resource, said access system provides for using of one or more internal authentication systems and said access system provides for reliance on one or more external authentication systems, said configuration information provides an indication to said access system to rely on a first external authentication system for said first resource; receiving a first request from a first user for said first resource; relying on said first external authentication system for authenticating said first user; and performing, at said authorization system, authorization services for said first request; wherein said authorization services comprise determining whether said first user is authorized to access said first resource; and wherein authenticating said first user comprises verifying an identity of said first user. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An access system, comprising:
-
a communication interface; one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of; acquiring user identification information from a first authentication system external to said access system, said user identification information is associated with a request from a first user to access a first resource, relying on said first authentication system for authenticating said first user, using said user identification information to access an identity profile associated with said user identification information, and performing authorization services for said request to access said first resource based on said identity profile associated with said user identification information; wherein said authorization services comprise determining whether said first user is authorized to access said first resource; and wherein authenticating said first user comprises verifying an identity of said first user. - View Dependent Claims (8, 9, 10)
-
-
11. An access system, comprising:
-
a communication interface; one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of; acquiring a plurality of variables from a first authentication system external to said access system, said variables are associated with a first request from a first user to access a first resource, relying on said first authentication system for authenticating said first user, and performing authorization services for said request to access said first resource based on said plurality of variables; wherein said authorization services comprise determining whether said first user is authorized to access said first resource; and wherein authenticating said first user comprises verifying an identity of said first user. - View Dependent Claims (12, 13, 14)
-
-
15. An access system, comprising:
-
a communication interface; one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of; acquiring user identification information from an external authentication system separate from said access system, said user identification information is associated with a request from a first user to access a first resource, relying on said authentication system for authenticating said first user, using said user identification information to create information for a cookie, causing said cookie to be transmitted for storage on a client associated with said request to access said first resource, and performing authorization services for said request to access said first resource; wherein said authorization services comprise determining whether said first user is authorized to access said first resource; and wherein authenticating said first user comprises verifying an identity of said first user. - View Dependent Claims (16, 17, 18, 19)
-
-
20. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
-
receiving, at an access system, configuration information for a first resource, said access system provides for using one or more internal authentication systems and said access system provides for reliance on one or more external authentication systems, said configuration information provides an indication to said access system to rely on a first external authentication system for said first resource; receiving information for a first request from a first user for said first resource; relying on said first external authentication system for authenticating said first user; and performing, at said authorization system, authorization services for said first request; wherein said authorization services comprise determining whether said first user is authorized to access said first resource; wherein authenticating said first user comprises verifying an identity of said first user; and wherein said access system protects a plurality of resources, said plurality of resources includes said first resource, a second resource and a third resource, said first resource uses said first authentication system for authentication services, said second resource uses a second authentication system for authentication services, said second authentication system is separate from said access system, said third resource uses a third authentication system for authentication services, said third authentication system is separate from said access system, said first authentication system is a default web server authentication system, said second authentication system is a authentication plug-in, and said third authentication system is a third party authentication system. - View Dependent Claims (21)
-
-
22. An access system, comprising:
-
a communication interface; one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of; providing for using one or more internal authentication systems, providing for reliance on one or more external authentication systems, receiving configuration information for a first resource, said configuration information provides an indication to rely on a first external authentication system for a first resource, receiving information for a first request from a first user for said first resource, relying on said first external authentication system for authenticating said first user, and performing authorization services for said first request; wherein said authorization services comprise determining whether said first user is authorized to access said first resource; wherein authenticating said first user comprises verifying an identity of said first user; and wherein said access system protects a plurality of resources, said plurality of resources includes said first resource, a second resource and a third resource, said first resource uses said first authentication system for authentication services, said second resource uses a second authentication system for authentication services, said second authentication system is separate from said access system, said third resource uses a third authentication system for authentication services, said third authentication system is separate from said access system, said first authentication system is a default web server authentication system, said second authentication system is a authentication plug-in, and said third authentication system is a third party authentication system. - View Dependent Claims (23)
-
Specification