System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server
Abstract
A system, method and computer program product for providing authentication to a firewall using a lightweight directory access protocol (LDAP) directory server is disclosed. The firewall can be configured through a graphical user interface to implement an authentication scheme. The authentication scheme is based upon a determination of whether at least part of one or more LDAP entries satisfy an authorization filter.
16 Claims
1. A method of configuring a firewall process that executes on a device, the method comprising:
- receiving a host computer identification, the host computer including at least one directory schema defined by an entity and configured to store information concerning the entity's organization;
- receiving authentication settings for the firewall process to use in authenticating network resource requests received over a computer network by the firewall process as a function of the at least one directory schema;
- generating an authorization filter for the firewall process to apply to computer network traffic as a function of the one or more authentication settings and the at least one directory schema; and
- enabling the firewall process to intercept computer network resource requests from client users on an internal computer network and authorize computer network resource requests based on a comparison of at least a portion of the at least one directory schema to the authorization filter.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer program product for enabling a processor in a computer system to implement a firewall configuration process, said computer program product comprising:
- a non transitory computer usable medium having computer readable program code embodied in said medium for causing a program to execute on the computer system, said computer readable code comprising;
- first computer readable program code for enabling the computer system to receive a host computer identification, the host computer including at least one directory schema defined by an entity and configured to store information concerning the entity's organization;
- second computer readable program code for enabling the computer system to receive authentication settings for the firewall to use in authenticating network resource requests as a function of the at least one directory schema;
- third computer readable program code for enabling the computer system to generate an authorization filter as a function of the one or more authentication settings and the at least one directory schema; and
- fourth computer readable program code for enabling the computer system to enable the firewall to intercept network resource requests from client users on an internal network and authorize network resource requests based on a comparison of at least a portion of the at least one directory schema to the authorization filter.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
Specification