System and method for delegating a user authentication process for a networked application to an authentication agent
Abstract
A system and method for delegating a user authentication process for a networked application to an authentication proxy. A networked application may request a user to provide authentication information in order to access the application. Upon receiving this authentication information from the user, the client side of the networked application sends the information to the server side of the networked application. The server side of the application may then determine an appropriate authentication agent associated with the user to delegate the authentication process to. For example, for each application user, the server side of the application may maintain information associated with the user, such as the user's employer. The application may then match this employer information to an authentication agent running in the employer's network domain, and the authentication process may then be delegated to this authentication agent.
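The delegation flow described in the abstract, as an added Python example (not code from the patent). The names `Directory`, `authenticate` and `make_static_agent`, the sample users and groups, and the modelling of agents as in-process callables instead of network services are all assumptions made for illustration; the server resolves the agent from its own stored mapping and denies access on every failure path.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict

# An authentication agent: takes (username, password), returns True on success.
Agent = Callable[[str, str], bool]

@dataclass(frozen=True)
class Directory:
    user_group: Dict[str, str]      # stored on the server: user -> group (e.g. employer)
    group_agent: Dict[str, Agent]   # stored on the server: group -> authentication agent

def make_static_agent(accounts: Dict[str, str]) -> Agent:
    """Hypothetical stand-in for an agent running in the group's own domain."""
    def agent(username: str, password: str) -> bool:
        expected = accounts.get(username)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())
    return agent

def unreachable_agent(username: str, password: str) -> bool:
    raise ConnectionError("agent unreachable")  # simulates an outage

def authenticate(directory: Directory, username: str, password: str) -> bool:
    """Resolve user -> group -> agent from stored data, delegate, fail closed."""
    group = directory.user_group.get(username)
    if group is None:
        return False                 # unknown user: nothing to delegate to
    agent = directory.group_agent.get(group)
    if agent is None:
        return False                 # group has no associated agent
    try:
        # Credentials go only to the agent tied to the user's own group.
        return agent(username, password) is True
    except Exception:
        return False                 # agent error never grants access

# Constructed sample data.
DIRECTORY = Directory(
    user_group={"alice": "acme", "bob": "globex", "carol": "initech"},
    group_agent={
        "acme": make_static_agent({"alice": "correct horse"}),
        "globex": unreachable_agent,
        # "initech" deliberately has no agent
    },
)

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", "wrong"),
                     ("bob", "x"), ("carol", "x"), ("mallory", "x")]:
        print(user, authenticate(DIRECTORY, user, pw))
```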
14 Claims
1. A method for authenticating a particular user of a networked application, wherein the networked application has a client side and a server side, the method implemented by the server side of the networked application and comprising:
- receiving authentication information for said particular user from the client side of the networked application;
- storing information about a plurality of users, a plurality of groups, and a plurality of authentication agents, wherein said particular user is one of said plurality of users and the stored information indicates which of the plurality of users are members of which of the plurality of groups and which of the plurality of authentication agents are associated with which of the plurality of groups;
- using the authentication information received from the client side of the networked application to access the stored information to identify in which of the plurality of groups said particular user is a member and to identify which of the plurality of authentication agents is associated with the identified group;
- passing the authentication information to the identified authentication agent that is associated with the identified group in which said particular user is a member;
- receiving from the identified authentication agent results of an authentication attempt by the identified authentication agent; and
- authorizing the user of the networked application to access the networked application if the authentication attempt was successful.

Dependent claims: 2, 3, 4, 5, 6, 13
7. A computer system for authenticating a particular user of a networked application, said networked application having a server side and a client side, the computer system implementing the server side of the networked application and comprising:
- one or more hardware computers including a hardware memory system;
- storing code which when run by the one or more hardware computers causes the computer system to:
  - receive authentication information for said particular user from the client side of the networked application;
  - access stored information about a plurality of users, a plurality of groups, and a plurality of authentication agents, wherein said particular user is one of said plurality of users and the stored information indicates which of the plurality of users are members of which of the plurality of groups and which of the plurality of authentication agents are associated with which of the plurality of groups;
  - use the authentication information received from the client side of the networked application and the stored information to identify in which of the plurality of groups said particular user is a member and to identify which of the plurality of authentication agents is associated with the identified group;
  - pass the authentication information to the identified authentication agent that is associated with the identified group in which said particular user is a member;
  - receive from the identified authentication agent results of an authentication attempt by the identified authentication agent; and
  - authorize the user of the networked application to access the networked application if the authentication attempt was successful.

Dependent claims: 8, 9, 10, 11, 12, 14
Specification